Stream failed to send messages which created in pipeline to output

Here is a stream with name A. And a pipeline named ActionExtractor

ActionExtractor will compose up new messages using a rule in the below. New messages are routed to a new stream B. I want to Output this stream to logstash-gelf-input(UDP), but nothing sent to it

rule "alert"
    when
      has_field("action") AND contains("monitor check finish",to_string($message.action))
    then
      let new_msg = create_message(to_string($message.action), "", to_date(to_string($message.apptime), "Asia/Shanghai"));
      set_field("action", $message.action,"","",new_msg);
      set_field("apptime", $message.apptime,"","",new_msg);
      set_field("arguments", $message.arguments,"","",new_msg);
      route_to_stream("B","",new_msg);
end

hej @tuxknight

please re-read the documentation of the contains() pipeline function.

contains(“monitor check finish”,to_string($message.action)) has the same effect with
to_string($message.action) == “monitor” OR to_string($message.action) == “check” OR to_string($message.action) == “finish”

contains(“monitor check finish”,to_string($message.action)) has the same effect with
to_string($message.action) == “monitor” OR to_string($message.action) == “check” OR to_string($message.action) == “finish”

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.