NOT has_field in pipeline rules


I tried to use the function has_field with (!), but it doesn’t work correctly to route messages to a stream.
Please advise

Try using the debug message function to check whether your rule matches, or whether there is a problem with routing messages:

let debug_message = concat("Match: ", to_string($message.timestamp));
let debug_message2 = concat(debug_message, to_string($message.message));
// Write the combined string to the Graylog server log
debug(debug_message2);

After that, check your Graylog logs to find out whether your condition matches the message or not:
sudo tail -f /var/log/graylog-server/server.log

hey @Majdoline

I tried to use the function has_field with (!)

Do you mind being a little more verbose? What exactly did you try, and what is not working?

In addition, what Graylog version did you use?


Many thanks for your replies. I use version 3.1 of Graylog.
It was an error in arranging the rules by stages.
It works now with “! has_field()” and “NOT has_field()”.
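
A stage arrangement in which a negated has_field check behaves predictably, as an added example that is not part of the original posts. The rule titles, the field name "category", the stream name "Uncategorized" and the pipeline title are hypothetical; it assumes the checked field is set by another rule, which therefore has to sit in an earlier stage because rules within one stage have no guaranteed order.

```graylog
// Added example. Each rule and the pipeline are separate sources in the
// Graylog UI; all names below are hypothetical.

// Rule 1 (stage 0): may add the field that rule 2 tests for.
rule "tag firewall messages"
when
  contains(to_string($message.message), "firewall")
then
  set_field("category", "firewall");
end

// Rule 2 (stage 1): runs only after stage 0 has finished, so the negated
// check sees the final state of the message.
rule "route uncategorized messages"
when
  NOT has_field("category")
then
  // Confirms in server.log that the condition matched before routing
  debug(concat("No category: ", to_string($message.message)));
  route_to_stream(name: "Uncategorized");
end

// Pipeline source: stages run in ascending order.
pipeline "Categorize and route"
stage 0 match either
  rule "tag firewall messages";
stage 1 match either
  rule "route uncategorized messages";
end
```

If the debug line shows up in server.log but the message does not reach the stream, the condition is fine and the problem is in the routing or the pipeline's stream connection.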
