Hi there I've been happily creating extractors in graylog, and have the problem of keeping them synced between my 3 Syslog INPUT channels (ie UDP, TCP and TCP/TLS). As we are moving from a single graylog server to two, keeping such things in sync becomes critical. So I'm thinking of migrating them to some "sharable" format - and want to ensure performance is optimized too of course
So what is the "official" best way of creating fields out of data? Drools? Pipeline? The (experimental) latter appears to be database-based - is that automagically shared between graylog servers? With drools, the rules file would be trivial to share - but I guess you have to restart graylog to reload it? Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAFChrgJwVn_UEj7rqzQP1SJZz%3DvzdkuR7WPu45sFjJtP4CmrnQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
