Description of your problem I was having issues with the default settings for the Syslog UDP input so I switched to using the Raw/Plaintext UDP input and will set the fields I want using pipelines/rules. One issue I have is that I can’t seem to find a way to set the facility and log level fields. …

Pipeline rule to set facility and log level categories

shoothub (Shoothub) September 9, 2021, 2:03pm 8

Yes, you have to change it from long to keyword. No index mapping won’t reset after index rotation.

@tmacgbay has just posted nice article about custom mapping, check this for better explanation:

Topic		Replies	Views
Set_fields Usage? Graylog Central (peer support) pipeline-rules	7	2093	February 17, 2022
Documentation, Fields in $message Graylog Central (peer support)	6	3187	June 2, 2020
Pipelines key value Graylog Central (peer support) pipeline-rules , debuggingpl	6	837	September 16, 2020
Pipeline Rules w/ Regex Graylog Central (peer support)	4	395	October 9, 2023
Pipeline Rule doesn't see extracted fields but only a few $message properties like $message.message and $message.level Graylog Central (peer support) pipeline-rules , debuggingpl	4	2326	November 29, 2017