Is it possible to filter messages on the default stream (All Messages)? Essentially we have an application that can get too chatty with a specific kind of message, which blows up our disk. I’m trying to see if there is a way to configure Graylog to prevent this single message from this single application from being received by the default stream.
Would there be an alternative method or workaround to achieve this?
In pipelines you can use drop_message and it will just delete that entire log message and it will never be stored.
You can either drop specific messages that match, or you could do an allow rule first that identifies messages that you want to keep, and then a rule following that which basically drops everything that is left after that.
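
The two approaches from the answer above, written as Graylog pipeline rules (an added example, not part of the original thread). The field name `application_name`, the application name `chatty-app`, the message text and the rule and pipeline titles are all assumed placeholders; substitute the values your messages actually carry, and connect the pipeline to the default stream so it sees those messages.

```graylog
// Approach 1: drop only the one noisy message from the one application.
// Both conditions must hold, so other applications and other messages
// from the same application are left untouched.
rule "drop chatty-app heartbeat"
when
  has_field("application_name") &&
  to_string($message.application_name) == "chatty-app" &&   // assumed app name
  contains(to_string($message.message), "connection pool heartbeat", true) // assumed text
then
  drop_message();   // message is discarded and never stored
end

// Approach 2: keep-list for the application. Anything from chatty-app
// that does NOT match the "keep" condition is dropped. Written as one
// rule so it does not depend on how stages pass messages along.
rule "drop chatty-app except errors"
when
  has_field("application_name") &&
  to_string($message.application_name) == "chatty-app" &&
  NOT contains(to_string($message.message), "ERROR")        // assumed keep condition
then
  drop_message();
end

// Pipeline using approach 1. Swap in the second rule to use the
// keep-list variant instead; use one or the other, not both.
pipeline "Filter chatty-app noise"
stage 0 match either
  rule "drop chatty-app heartbeat";
end
```

Because a dropped message is gone for good, run the `when` conditions through the rule simulator against a sample message first, and keep the match as narrow as possible so security-relevant events from the same application are not silently discarded.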