Question on Best Practice and original message

ahack210 · August 1, 2024, 10:21pm

Quick question on best practices related to original, raw syslog messages (pre-processing).
After grokking the data into fields, is it best practice to keep the original “message” field or would it make sense to drop that field in the name of storage capacity or other reasons?

Opinions welcome.

system · August 15, 2024, 10:21pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best way to clear initial message field? Graylog Central (peer support)	2	547	November 4, 2020
How to get a raw version and a parsed version of the same messages Graylog Central (peer support) pipeline-rules	3	976	March 3, 2022
Syslog message field copy issue Graylog Central (peer support)	1	523	September 7, 2018
Message prefix when using Raw/Plaintext Graylog Central (peer support)	4	594	September 18, 2020
General Question Making Sense of Data Graylog Central (peer support)	12	602	September 6, 2022

Question on Best Practice and original message

Related topics