I am sending syslog data from some networking devices (Netgear switches, Siemens switches, etc.) to our Graylog instance. What’s happening is that the syslog messages show the “source” field as the IP address of the device instead of the hostname. I understand that this is a parsing issue and we need custom extractors to parse the data correctly. My question is regarding creating pipeline rules to resolve this.
I have created a stream rule called “Siemens i800”, as shown below, that matches the field source with its corresponding device IP address. I then created a pipeline called i800, which is connected to this stream. What’s next? What more needs to be done to make this pipeline run and show the source name correctly in the web UI?
It still did not change the source field to show the hostname in the web UI. That’s why I am wondering whether there is some more config needed to overwrite the source after creating the pipeline. Any words of wisdom?