How to exclude log with pipeline?

Groucou · September 12, 2017, 10:35am

Hi everyone,

I would like to add pipeline to exclude automatically some logs ?
I think that I must use pipeline but I don’t know how ! I’m just beginning Graylog

For example I would like to exclude log with such host or source.

For information I receive all logs with JSON format.

jochen · September 12, 2017, 1:16pm

Yes, you can use the processing pipelines for that, see http://docs.graylog.org/en/2.3/pages/pipelines.html for details.

You can stop processing messages with the drop_message() function.

Groucou · September 12, 2017, 1:39pm

Ok thanks you for your answer but could you give me one example ?
I 'm not a good dev

I try for drop message :
rule "drop cronjob"
when
has_field(“application_name”) && to_string($message.application_name) == "CRON"
then
drop_message();
end

Is it correct for you ?

jan · September 12, 2017, 1:54pm

@Groucou

that should work

Groucou · September 12, 2017, 2:02pm

Ok thx and for my new pipeline

pipeline "My new pipeline"
stage 1 match all
rule “drop message”;
end

jochen · September 12, 2017, 3:00pm

Looks fine.

Why don’t you just try it out instead of asking if it’s fine?

Groucou · September 12, 2017, 3:05pm

Now yes

system · September 26, 2017, 3:06pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Exclude source from graylog Graylog Central (peer support) pipeline-rules	12	2209	February 7, 2019
Filter logs Received Graylog Central (peer support) documentation	4	78	August 8, 2024
Excluding logs using pipeline Graylog Central (peer support)	2	1376	November 5, 2018
How to stop all messages from a specific ip/source? Graylog Central (peer support)	9	928	July 12, 2022
Drop Incoming Message Containing a Specific Word Graylog Central (peer support)	7	4346	August 27, 2019

How to exclude log with pipeline?

Related topics