Is it more computationally efficient to filter with a stream rule or a pipeline rule?
I have a dedicated input for my VMware syslog. To move toward dropping the debug noise, I have a stream with rules for level = 7 and source = 5d66e177775fb801f6d027bd (the input ID).
Would it be better to use a pipeline rule to drop all messages originating from that stream? Or should I forget about using a stream rule, feed the All Messages stream into a pipeline rule, and perform my filtering there?