Stream rules not working

RyanInsolencee · December 21, 2023, 2:21am

ive set up wazuh sending logs to graylog succesfully, created streams and indices that are working but for some reason specific logs are missing from in my fortigate stream but are in my archives stream, ive set the stream rules but it isnt working. even specifically matching all rules it still doesnt work please advise.

i even loaded a message to test the rules and it does show all green and that the message will be routed into this stream but it is still empty

patrickmann · December 21, 2023, 1:48pm

Can you share an example of a log message that is failing to show up, along with the pipeline rule?
I assume you already checked the Failure Stream for any issues in processing.
The first thing to look for is always a timezone mismatch. But we’d need some more details to see what is going on.

system · January 4, 2024, 1:48pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipeline rule not working Graylog Central (peer support) pipeline-rules , route-to-streampl , debuggingpl	7	4014	November 20, 2017
Odd Pipeline/Stream Behavior Graylog Central (peer support)	10	348	January 19, 2024
Pipeline on new stream not working Graylog Central (peer support) pipeline-rules	3	2635	July 7, 2021
Rules for stream Graylog Central (peer support)	3	663	April 14, 2022
Stream not getting messages Graylog Central (peer support) pipeline-rules	4	3310	March 15, 2019

Stream rules not working

Related topics