Is it possible for an extractor to conditionally act upon a field taking other fields into consideration? For example, I have a GELF message that arrives looking like this:
facility: gelf-rb > facility_label: local2 > file: /dev/log > level: Info [6] > line: -1 > message: 10.11.79.25:55415 [05/Jun/2014:17:21:08.847] stats~ stats/<STATS> > 1/-1/-1/-1/4 200 110897 - - LR-- 1/0/0/0/0 0/0 "GET / HTTP/1.1" > pid: 6888 > priority: 150 > program: haproxy > severity_label: Informational > source: endpoint-01.dev.law.caltesting.org > type: syslog > version: 1.0 > full_message: 10.11.79.25:55415 [05/Jun/2014:17:21:08.847] stats~ > stats/<STATS> 1/-1/-1/-1/4 200 110897 - - LR-- 1/0/0/0/0 0/0 "GET / > HTTP/1.1" I would like to write an extractor for the HAProxy log line that only triggers when the program field contains HAProxy. -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
