Hi Rajeev,
except for the missing "end" statement, that rule looks valid.
Cheers,
Jochen
On Tuesday, 7 June 2016 12:26:41 UTC+2, Rajeev Verma wrote:
>
> Thanks Jochen,
>
> That helps I will try to do the same and will come back if there are any
> questions. However if I want to drop a msg is this how we do it?
>
> rule "function howto"
> when
> has_field("transaction_date")
> thendrop_message()
>
>
> On Tue, Jun 7, 2016 at 1:35 PM, Jochen Schalanda wrote:
>
>> Hi Rajeev,
>>
>> you can use the message processing pipeline to drop unwanted messages,
>> see http://docs.graylog.org/en/2.0/pages/pipelines.html for details.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 7 June 2016 06:22:42 UTC+2, Rajeev Verma wrote:
>>>
>>> Hello,
>>>
>>> I would like to understand if there is a possible way to drop logs and
>>> do not index them so that it can save some space.
>>>
>>> For example: I don't want logs for reserved IP traffic (Internal
>>> traffic) so rather than storing them / indexing them I would like to drop
>>> them and keep the rest of the logs.
>>>
>>> This will save a lot of space once we have multiple devices. Could
>>> someone please help me on that.
>>>
>>> Regards
>>> RV
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/09a8ce27-e6d5-400b-8a41-ea06150c98ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
