> > > Using the new processing pipelines in Graylog 2.x (see > http://docs.graylog.org/en/2.0/pages/pipelines.html for details), you > could also use 1 input and run different rules for each source > device/service. >
In the case of "pipelines" each string will processed two times, This may have an effect under heavy loads. Right? > > Cheers, > Jochen > > On Tuesday, 21 June 2016 10:44:45 UTC+2, Андрей Грошев wrote: >> >> Hello people! >> I newbie in graylog and I want understand how right parse syslog messages >> from many services. >> Let's say I have three services. Each from one use different message >> format. >> For example: >> service1: "service1: srcip dstip" >> service2: "service2: dstip bytes clientid" >> service3: "service3: srcip userid bytes etc" >> Those, on the first field I can define the type of service, but further >> each service has different fields. >> How to handle it properly? >> Build separete "inputs" on different ports and extractors or one input >> and one difficult grok pattern? >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/008cce87-84e6-468b-8e24-30a689b0da21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
