Prevent Messages to Default Stream

Is it possible to filter messages on the default stream (All Messages). Essentially we have an application that can get too chatty with a specific kind of message which blows up our disk. I’m trying to see if there is a way to configure Graylog to prevent this single message from this single application from being received by the default stream.

Would there be an alternative method or work around to achieve this?

Thanks for your time.

If you mean don’t store them at all, absolutly!

In pipelines you can use drop_message and it will just delete that entire log message and it will never be stored.

You can either drop specific messages that match, or you could do an allow rule first that identifies messages that you want to keep, and then a rule following that is basically a drop everything that is left after that.


Yes, storing is exactly what I meant. This sounds promising. I will do some digging on this. Thanks!

1 Like

Always best to not send unwanted messages, but if you can’t prevent at the source, the pipeline is the way to go as @Joel_Duffield mentioned.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.