Stream rules logic to process only public IPV4 into it from the default 'all messages stream'

Hari · July 15, 2020, 9:59am

We have real-time events containing ‘public ip addresses’ coming into the All message Streams . Now , i wanted to create a new stream with a condition saying only if the messages contain public ip addresses in them , please route them into a different stream to apply some pipeline rules .

I have created a Grok Pattern to identify the public IP’s in the messages and has also created a new field dedicated to only public IP’s like shown here

Need a idea on how to map them in the stream rules ??

shoothub · July 15, 2020, 2:09pm

The simplest way is to use Stream rule - Type: field presence, if you have already field which contains only public IPs.

system · July 29, 2020, 2:09pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with stream rule Graylog Central (peer support)	3	215	February 27, 2024
Pipeline Rule - Drop messages with field containing IP Graylog Central (peer support) pipeline-rules , debuggingpl	7	3413	March 26, 2021
Testing Pipeline Effect on Stream Graylog Central (peer support) pipeline-rules	3	1373	October 25, 2017
Test Against Stream ALL GREEN but message not routed in stream Graylog Central (peer support) pipeline-rules , route-to-streampl	3	651	June 2, 2018
Messages not routing into stream Graylog Central (peer support) pipeline-rules , route-to-streampl	4	2292	May 25, 2018

Stream rules logic to process only public IPV4 into it from the default 'all messages stream'

Related topics