matejrycek
(Matej Rycek)
1
Hi,
I am trying to create a rule to rename fields from my netflow fields, and after I rename the field by pipeline I cannot search by the renamed field.
What am I doing wrong?
Please help.
My rule:
rule "neflow normalizace"
when
    has_field("source") AND contains(to_string($message.source), "10.0.10.1")
then
    rename_field("nf_dst", "dst");
end
Search:
jochen
(Jochen)
2
The colon character (':') is a reserved character in the Lucene query language. You have to escape it as described in the documentation:
http://docs.graylog.org/en/2.3/pages/queries.html#search-query-language
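The escaping described in this answer, as an added example that is not part of the original posts and is not Graylog's own code: a Python helper that backslash-escapes the characters the Graylog search documentation lists as reserved, plus a check that points at unescaped ones in a hand-typed value. The function names and the IPv6 sample value are constructed for illustration; `dst` is the renamed field from the rule above.

```python
# Characters the Graylog search documentation lists as needing a backslash
# escape when they are meant literally: & | : \ / + - ! ( ) { } [ ] ^ " ~ * ?
RESERVED = set('&|:\\/+-!(){}[]^"~*?')


def escape_term(value):
    """Return value with every reserved query character backslash-escaped."""
    return "".join("\\" + ch if ch in RESERVED else ch for ch in value)


def field_query(field, value):
    """Build `field:value`; only the separating colon stays unescaped."""
    return escape_term(field) + ":" + escape_term(value)


def unescaped_reserved(value):
    """List (index, char) for reserved characters not preceded by a backslash.

    Useful for checking a value typed into the search bar by hand.
    """
    found = []
    i = 0
    while i < len(value):
        if value[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if value[i] in RESERVED:
            found.append((i, value[i]))
        i += 1
    return found


if __name__ == "__main__":
    sample = "2001:db8::1"  # constructed sample value containing colons
    print(unescaped_reserved(sample))
    print(field_query("dst", sample))
    # A dotted IPv4 value such as the one in the rule needs no escaping.
    print(field_query("source", "10.0.10.1"))
```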
matejrycek
(Matej Rycek)
3
Thank you very much, Jochen!
This was my fault.
Best regards,
Matej.