i want to drop many messages when messages contain keyword like:
example message:
message 1: snmpd[13594]: truncating integer value > 32 bits
message 2: agetty[23940]: /dev/ttyS0: not a tty
here my pipeline rule
rule "Drop Message fw noise-2"
when
contains(to_string($message.message),"truncating") && contains(to_string($message.message), "agetty")
then
drop_message();
end
Thank you
What do you need help with?
You probably need “||” not “&&” in the example above.
It look as though you are describing two messages coming through. Pipeline Rules only work on one message at a time. If you are licensed (Free if you use under 2GB a day) You can store message information in Graylog MongoDB instance for future message use - its not clear how you would correlate it from what what you have shown though. Is that what you mean?
I want to put multiple conditions into a pipeline rule, for example a pipeline with many keywords so that when a message coming to a stream the pipeline will drop messages containing those keywords.
thank you, let me try
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.