Hi there
I'm trying to get my first pipeline working - without any luck
I have checked and "pipeline processor" is #1 in "Message Processors
Configuration", and consists of one pipeline, with one stage which contains
one rule. The rule is
rule "My little pony"
when
has_field("dont_like_cricket")
then
drop_message();
end
I can see on the "Pipeline overview" page that it's processing the entire
incoming feed.
What I have is a Syslog Input channel which I have the Input adding the
field "dont_like_cricket" to every incoming record (ie tagging it as
different from other Inputs). If I search graylog, I can see the records
contain the field "dont_like_cricket". But this pipeline never triggers - I
still see the records that should have been dropped.
My end-game is obviously a little more complicated, but even this doesn't
work - so 'baby steps' :-)
Any ideas? Also, I really only want this pipeline on one Input channel - do
they have to be "universal"?
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAFChrgJNhTrS%3DToy6UhfrMpfoP6RwswNvVv0LWaq6ifhPCF0Fg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
