Pipeline to Overriding facility with additional _facility field

n3xus · April 18, 2017, 1:12pm

I’m trying to write a rule to override “facility” with “_facility” but not working. Can you tell me what I’m doing wrong?

rule "override facility field with _facility"
when
    has_field("_facility")
then
    set_field("facility", $message._facility);
end

jochen · April 18, 2017, 1:30pm

Have you connected the rule to the correct pipeline and the pipeline to the correct stream?

Topic		Replies	Views
Has_field() not working Graylog Central (peer support) pipeline-rules	4	165	May 30, 2024
Drop facility/level fields Graylog Central (peer support) pipeline-rules	1	644	December 31, 2019
Problem with pipeline rule Graylog Central (peer support) pipeline-rules	1	416	September 9, 2020
Another try at pipeline rules Graylog Central (peer support) pipeline-rules , debuggingpl	5	1246	August 2, 2017
Graylog Rules and Pipeline not working Graylog Central (peer support) pipeline-rules	1	564	April 26, 2018