Test Against Stream ALL GREEN but message not routed in stream

Dear all,
I've two streams:

the first one called ZZZ_MyFirewall where I collect logs with this stream rule

Field firewallname must be present

the second called to_check with these stream rules

Field action must match exactly Allow
Field PkSource_geolocation must be present

now I got this message

| source   | firewallname | PkDestination_geolocation | PkSource_geolocation |
|----------|--------------|---------------------------|----------------------|
| 10.0.0.1 | myfirewall   | 95.4667,8.6333            | 91.8919,12.5113      |

if I click on it, Graylog says that this message will be routed to ZZZ_MyFirewall,
but if I test it on the stream rules, the stream test is OK (all rules match)

so how can I create a more specific stream rule to first match this kind of message and a second "catch all for this source" stream?

Are all the message fields available in the message when it’s received by Graylog or are you creating the fields in an extractor or in a pipeline rule?

You can use the processing pipelines to route messages into streams with the route_to_stream() function.
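As an added illustration of that suggestion (not a rule from the original thread), a pipeline rule that reproduces the two conditions of the to_check stream and routes matching messages there; the field and stream names are the ones given in the question, and it assumes the extractor that creates `action` and `PkSource_geolocation` has already run when the pipeline processor sees the message:

```graylog
// Added example, not from the thread. Mirrors the to_check stream rules:
// "action must match exactly Allow" and "PkSource_geolocation must be present".
rule "route Allow with source geolocation to to_check"
when
    // has_field is false when the extractor has not created the field yet
    has_field("PkSource_geolocation") &&
    to_string($message.action) == "Allow"
then
    // Stream name taken from the question; the stream must already exist.
    // Leave remove_from_default unset so the message stays in other streams too.
    route_to_stream(name: "to_check");
end
```

Connect the pipeline to the stream the messages currently land in (or to the default stream) so the rule actually sees them.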

Fields are created by extractor rules.
