I've been reading up on pipelines to filter out noise from the incoming logs. For example, I have a web app which logs its own refreshes constantly and is flooding me, so I'd like to learn how to filter them out.

The message looks like this:

    message: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/var/www/bin/header.sh network

So I'd basically like to filter out any message containing "COMMAND=/var/www/bin/header.sh" in the message field. I've found a few functions for rules that look like they could be used, but I am clueless how to put together a rule. Can anyone help out?

    drop_message(message: Message)
        The currently processed message will be removed from the processing pipeline after the rule finishes.

    has_field(field: string, [message: Message])
        Checks whether the currently processed message contains the named field.
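A pipeline rule that does what the post asks, added here as an example rather than taken from the thread; it assumes the sudo line lands in the standard `message` field and uses the built-in `has_field`, `to_string`, `contains` and `drop_message` functions. The match is on the full `COMMAND=/var/www/bin/header.sh` string rather than just the script name, so other sudo-to-root invocations from the same host still reach the index.

```graylog
rule "drop header.sh refresh noise"
when
  // guard first: to_string on a missing field would otherwise match nothing useful
  has_field("message") &&
  contains(to_string($message.message), "COMMAND=/var/www/bin/header.sh")
then
  // only this exact command line is dropped; any other USER=root COMMAND= entry is kept
  drop_message();
end
```

Attach the rule to a stage of a pipeline connected to the stream the web app's syslog input feeds into, and confirm with the simulator on a captured message before enabling it.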
