Testing Pipelines - Mine's not working, how do I test it?

So how do I test pipelines? What I want to do is rewrite, in a couple of instances, the Source field, which seems to be default in Graylog.
In one instance - this is a pfSense box - I want to remove the : off the end of the string.
A bit meaningless, I know, but it will make my graphs easier later.
So I have the below rule, which I would expect to see being hit on every log coming in. And it's not, and when I go looking at a rule that should have been rewritten, the parameter hasn't been rewritten to what I am expecting.

Can anyone suggest how I break this down to solve what is happening, please?

Thanks P

rule "pfsense-filterlog"
when
  has_field("message") AND contains("filterlog:", to_string($message.source))
then
  set_field("source", "Filterlog");
end

Use the debug() function in your pipeline and watch the Graylog logs to see what is going on:


$ tail -f /var/log/graylog-server/server.log

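One way to apply the debug() suggestion to the rule in the question, as an added example that is not part of the original posts: a temporary diagnostic rule that logs the source value the condition sees and the result of contains() with the arguments in each order. The rule name `debug-pfsense-source` is hypothetical, and the rule is assumed to sit in a stage of the same pipeline as the rule being tested.

```graylog
rule "debug-pfsense-source"
when
  // Run on every message that carries a source field, so each one shows up in server.log.
  has_field("source")
then
  // Hypothetical diagnostic rule: log what the condition actually sees.
  let src = to_string($message.source);
  debug(concat("source=", src));

  // contains(value, search): value is the string searched in, search is the substring looked for.
  debug(concat("source contains 'filterlog:' -> ", to_string(contains(src, "filterlog:"))));
  debug(concat("'filterlog:' contains source -> ", to_string(contains("filterlog:", src))));
end
```

Remove the rule once the condition behaves as expected, since it writes several log lines for every message it matches.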
