Use custom field (created by inputs/extractors) for a pipeline filter?

qupfer · May 22, 2017, 11:52am

Hi,
I just want to “ignore” some log messages. If you have better solutions, I will be also happy

My plan is:

use inputs/extractor to add a field “skip” (Store as field: skip)
use pipeline/filter to drop all messages with the field “skip”

The extractor look fine, but my messages are not dropped.

Thats I wrote as filter:

rule "skip"
when 
 has_field ("skip")
then 
 drop_message();
end

Is it not possible to use such a custum field for a filter? What can I do or is just my filter wrong?
At the moment, I just move them to a separated stream, but I want to ignore/delete them.

Thanks

jan · May 22, 2017, 1:29pm

Hej @qupfer

what is your configured processing order the pipelines need to be after the message filter chain …

qupfer · May 22, 2017, 1:31pm

Thanks…so simple

system · June 5, 2017, 1:31pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipeline simulator and message fields Graylog Central (peer support)	6	4245	April 5, 2018
Stream -> pipeline And Input Extractor clarification Graylog Central (peer support) pipeline-rules , route-to-streampl	12	9059	July 3, 2018
Graylog: pipeline rule not considering Input's extractor fields Graylog Central (peer support) pipeline-rules , route-to-streampl	2	1529	May 6, 2020
New field using Pipeline Graylog Central (peer support) pipeline-rules , route-to-streampl	6	1925	August 8, 2018
Creating Stream Rules Using Pipeline Fields Graylog Central (peer support) pipeline-rules	5	5589	February 20, 2018

Use custom field (created by inputs/extractors) for a pipeline filter?

Related topics