Dear,
I tried to use the function has_field with (!) but it doesn’t work correctly to route messages to a stream.
Please advise.
Try to use the debug message function to check whether your rule matches or there is a problem with routing messages:
let debug_message = concat("Match: ", to_string($message.timestamp));
let debug_message2 = concat(debug_message, to_string($message.message));
debug(debug_message2);
After that, check your Graylog logs and find whether your condition matches for the message or not:
sudo tail -f /var/log/graylog-server/server.log
hey @Majdoline
I tried to use the function has_field with (!)
Do you mind being a little more verbose? What did you try exactly and what is not working?
In addition, what Graylog version did you use?
Thx
Many thanks for your replies. I use version 3.1 of Graylog.
It was an error in arranging the rules by stages.
It works now with “! has_field()” and “NOT has_field()”.
Thx