Testing Pipelines - Mines not working how do i test it?

psfletchthetek · June 5, 2020, 12:47pm

HI,
So how do i test pipelines? So what i want to do is rewrite in a couple of instances the Source field which seems to be default in graylog.
In one instance - this is a pfsense box I want to remove the : of the end of the String.
A bit meaningless i know, but it will make my graphs easier later.
So i have the below rule, which i would expect to see being hit on every log coming in. And its not, and when i go looking at a rule that should have been rewritten the parameter hasn’t been rewritten to what i am expecting.

Can anyone suggest i how break this down to solve what is happening please?

Thanks P

rule “pfsense-filterlog”
when
has_field(“message”) AND contains(“filterlog:”,to_string($message.source))
then
set_field(“source”, “Filterlog”);
end

tmacgbay · June 5, 2020, 1:11pm

Use the debug() function in your pipeline and watch the graylog logs to see what is going on:

https://docs.graylog.org/en/latest/pages/pipelines/functions.html?highlight=debug#debug

$ tail -f /var/log/graylog-server/server.log

system · June 19, 2020, 1:11pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 2.4.4-Snapshot pipeline rules not working Development pipeline-rules , debuggingpl	4	989	March 21, 2018
Another try at pipeline rules Graylog Central (peer support) pipeline-rules , debuggingpl	5	1246	August 2, 2017
Replacing the Name in the Source Field Graylog Central (peer support)	6	6421	November 8, 2019
Pipeline doesn't work Graylog Central (peer support) pipeline-rules , debuggingpl	5	1361	March 11, 2020
Change source name PIPELINES Graylog Central (peer support)	6	2150	November 29, 2019

Testing Pipelines - Mines not working how do i test it?

Related topics