Routing Graylog Events into Another stream

sunicod · November 5, 2020, 7:20pm

I understand there is a stream called All events. I would like to route all graylog events that are alerts into another stream. I have tried creating the following pipeline rule but no messages have been coming through. The ‘remove matches from all messages stream’ is disabled for the All events stream too.

rule "Write: Alert Stream"
when
    has_field("alert")
    and contains(to_string($message.alert), "true")
then
    //route the message to the stream and index
    route_to_stream(name: "Alert Stream");

end

jan · November 5, 2020, 7:52pm

he @sunicod

you can’t do processing on the events stream as those messages are not processed like normal messages. You can’t move them out of that desired events stream.

sunicod · November 5, 2020, 8:00pm

Thank you for confirming.

system · November 19, 2020, 8:46pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rules for routing messages to different indexes Graylog Central (peer support) route-to-streampl	9	667	March 22, 2024
Routing Messages Across Streams and Index Sets Graylog Central (peer support) pipeline-rules , route-to-streampl	2	1779	February 8, 2018
All Events Stream messages are not getting to Pipeline function Graylog Central (peer support)	2	791	October 2, 2019
Piping Interesting Events using chain of streams Graylog Central (peer support) pipeline-rules , route-to-streampl	3	558	February 23, 2021
Pipeline help - Route to different index Graylog Central (peer support) pipeline-rules , route-to-streampl	9	4016	June 19, 2018

Routing Graylog Events into Another stream

Related topics