Hi, I would like to ask you how to deal with $SUBJ? Additional question marks: a. I need something like logstash mutate -> remove_field functionality: feasible in Graylog? b. after some examination: is the Graylog correct/only tool "drools"? (pipeline procesing still marked as experimental) c. what is exact processing order in Graylog (from my issue point of view): 1. input filter with extractor (created via GUI) 2. drools file *.drl? d. where is the best starting point for learning drools? not the link in graylog docs, but where can I find e.g. list of "methods" (e.g. "add.Field")?
My current set-up: 1. local file with logs 2. logstah for file processing (LS sending json to RabbitMQ) 3. RabbiMQ 4. Graylog (input with RawAMPQ): used JSON extractor - working, but I need to remove "message" field (remove data duplication) Thanks in advance. nimmie -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b49e3a46-3e46-457d-bd04-5cc34942c2dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
