Problem with pipeline rule

Hi!
I have Graylog 3.3.5
NXlog on server receive syslog messages and send them to Graylog with OutputType GELF_TCP.
I see messages in Graylog and put them into Stream “KSC Events”
I create Pipeline to blacklist (filter) some messages and get problem with has_field() function:
For example has_field(“event_p2”) return False but this field exists:
“field_names”: [
“SyslogFacility”,
“gl2_remote_ip”,
“gl2_remote_port”,
“source”,
“gl2_source_input”,
“event_hip”,
“event_p2”,
“SeverityValue”,
“MessageSourceAddress”,
“SyslogSeverityValue”,
“SyslogFacilityValue”,
“gl2_source_node”,
“event_etdn”,
“timestamp”,
“MessageID”,
“gl2_accounted_message_size”,
“SyslogSeverity”,
“SourceModuleType”,
“level”,
“event_et”,
“streams”,
“gl2_message_id”,
“event_hdn”,
“SourceName”,
“Severity”,
“message”,
“EventReceivedTime”,
“SourceModuleName”,
“full_message”,
“_id”,
“event_tdn”,
“event_gn”
],

Message processor Configuration:

  1. Message Filter Chain (active)
  2. Pipeline Processor (active)

All of these methods return False:
has_field(“event_p2”)
has_field(“event_etdn”)
has_field(“event_hip”)
has_field(“event_hdn”)

But has_field(“SourceName”) return True

Please help me. Thank you.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.