> Using the new processing pipelines in Graylog 2.x (see
> http://docs.graylog.org/en/2.0/pages/pipelines.html for details), you
> could also use 1 input and run different rules for each source
> device/service.

In the case of "pipelines" each string will be processed two times. This may have an effect under heavy loads. Right?

> Cheers,
> Jochen
>
> On Tuesday, 21 June 2016 10:44:45 UTC+2, Андрей Грошев wrote:
>>
>> Hello people!
>> I am a newbie in Graylog and I want to understand how to correctly parse syslog messages
>> from many services.
>> Let's say I have three services. Each one uses a different message
>> format.
>> For example:
>> service1: "service1: srcip dstip"
>> service2: "service2: dstip bytes clientid"
>> service3: "service3: srcip userid bytes etc"
>> That is, by the first field I can define the type of service, but further
>> each service has different fields.
>> How to handle it properly?
>> Build separate "inputs" on different ports and extractors or one input
>> and one difficult grok pattern?
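
The "one input, different rule per service" approach discussed in this thread, sketched in Python as an added example (not part of the original messages and not Graylog pipeline code): route on the leading service tag, then apply only that service's field layout. The names `LAYOUTS` and `parse_line`, the handling of "etc" as free-form trailing text, and the sample lines are assumptions made for illustration.

```python
import re

# Field layouts taken from the three example formats in the question.
# "etc" in the service3 format is treated as free-form trailing text (assumption).
LAYOUTS = {
    "service1": ["srcip", "dstip"],
    "service2": ["dstip", "bytes", "clientid"],
    "service3": ["srcip", "userid", "bytes"],
}
INT_FIELDS = {"bytes"}
# Route on the leading "<service>:" tag only; the rest is parsed per service.
TAG = re.compile(r"^(?P<service>[A-Za-z0-9_-]+):\s*(?P<rest>.*)$")


def parse_line(line):
    """Return a dict of extracted fields; bad input is flagged, never raised."""
    m = TAG.match(line.strip())
    if not m:
        return {"parse_error": "no_service_tag", "raw": line}
    service, rest = m.group("service"), m.group("rest")
    names = LAYOUTS.get(service)
    if names is None:
        # Unknown sender: keep the message and flag it, do not guess fields.
        return {"service": service, "parse_error": "unknown_service", "raw": line}
    parts = rest.split(None, len(names))
    if len(parts) < len(names):
        return {"service": service, "parse_error": "missing_fields", "raw": line}
    event = {"service": service}
    for name, value in zip(names, parts):
        if name in INT_FIELDS:
            if not re.fullmatch(r"[0-9]+", value):
                return {"service": service, "parse_error": "bad_" + name, "raw": line}
            value = int(value)
        event[name] = value
    if len(parts) > len(names):
        event["extra"] = parts[len(names)]  # anything after the known fields
    return event


# Constructed sample lines (documentation addresses), not real logs.
SAMPLES = [
    "service1: 192.0.2.10 198.51.100.7",
    "service2: 198.51.100.7 5120 client-42",
    "service3: 192.0.2.10 alice 900 GET /index.html",
    "service2: 198.51.100.7 lots client-42",
    "service9: something else",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

Lines that fail to parse keep their raw text and a `parse_error` value, so malformed or unexpected senders remain searchable instead of being dropped.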
