How to exclude log with pipeline?

(Arcocide) #1

Hi everyone,

I would like to add pipeline to exclude automatically some logs ?
I think that I must use pipeline but I don’t know how ! I’m just beginning Graylog :slight_smile:

For example I would like to exclude log with such host or source.

For information I receive all logs with JSON format.

(Jochen) #2

Yes, you can use the processing pipelines for that, see for details.

You can stop processing messages with the drop_message() function.

(Arcocide) #3

Ok thanks you for your answer but could you give me one example ?
I 'm not a good dev :slight_smile:

I try for drop message :
rule "drop cronjob"
has_field(“application_name”) && to_string($message.application_name) == "CRON"

Is it correct for you ?

(Jan Doberstein) #4


that should work

(Arcocide) #5

Ok thx and for my new pipeline

pipeline "My new pipeline"
stage 1 match all
rule “drop message”;

(Jochen) #6

Looks fine.

Why don’t you just try it out instead of asking if it’s fine?

(Arcocide) #7

Now yes :slight_smile:

(system) closed #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.