Pipeline to Overriding facility with additional _facility field

n3xus · April 18, 2017, 1:12pm

I’m trying to write a rule to override “facility” with “_facility” but not working. Can you tell me what I’m doing wrong?

rule "override facility field with _facility"
when
    has_field("_facility")
then
    set_field("facility", $message._facility);
end

jochen · April 18, 2017, 1:30pm

Have you connected the rule to the correct pipeline and the pipeline to the correct stream?

Topic		Replies	Views
Drop facility/level fields Graylog Central (peer support) pipeline-rules	1	610	December 31, 2019
Problem with pipeline rule Graylog Central (peer support) pipeline-rules	1	374	September 9, 2020
Another try at pipeline rules Graylog Central (peer support) pipeline-rules , debuggingpl	5	1197	August 2, 2017
Graylog Rules and Pipeline not working Graylog Central (peer support) pipeline-rules	1	518	April 26, 2018
How do you rename fields? Graylog Central (peer support) pipeline-rules , route-to-streampl	2	3163	January 3, 2019