Replace application_name

kkplein · March 21, 2018, 2:08pm

Hi,

We have a syslog input, and I would like to replace the application_name from the generic “logger” to “myapp”, when the message has a specific source.

Would an “extractor” be the way to do this? What would be the simplest extrator to simply change “logger” into “myapp”, for syslog messages with a specific source?

jochen · March 21, 2018, 3:01pm

You can change the content of a specific field in a pipeline rule: http://docs.graylog.org/en/2.4/pages/pipelines.html

Example:

rule "replace-app-name"
when
  has_field("application_name") && to_string($message.source) == "specific-source"
then
  set_field("application_name", "myapp");
end

kkplein · March 21, 2018, 3:19pm

Super! What a powerful piece of software! We’re new users, and while we still have SO much to discover, we are amazed already. Thanks!

system · April 4, 2018, 3:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replacing the Name in the Source Field Graylog Central (peer support)	6	6396	November 8, 2019
Where to find information about field "application_name" Graylog Central (peer support) pipeline-rules	2	1067	September 28, 2020
Issue with application_name field Graylog Central (peer support) pipeline-rules	6	1140	September 17, 2020
Change source name PIPELINES Graylog Central (peer support)	6	2147	November 29, 2019
Source Name Identification Graylog Central (peer support) pipeline-rules	10	5433	March 22, 2017

Replace application_name

Related topics