Problem with pipeline rule

I have Graylog 3.3.5
NXlog on server receive syslog messages and send them to Graylog with OutputType GELF_TCP.
I see messages in Graylog and put them into Stream “KSC Events”
I create Pipeline to blacklist (filter) some messages and get problem with has_field() function:
For example has_field(“event_p2”) return False but this field exists:
“field_names”: [

Message processor Configuration:

  1. Message Filter Chain (active)
  2. Pipeline Processor (active)

All of these methods return False:

But has_field(“SourceName”) return True

Please help me. Thank you.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.