Hi there
I'm trying to get my first pipeline working - without any luck
I have checked and "pipeline processor" is #1 in "Message Processors
Configuration", and consists of one pipeline, with one stage which contains
one rule. The rule is
rule "My little pony"
when
has_field("dont_like_cricket")
then
drop_message();
end
I can see on the "Pipeline overview" page that it's processing the entire
incoming feed.
What I have is a Syslog Input channel which I have the Input adding the
field "dont_like_cricket" to every incoming record (ie tagging it as
different from other Inputs). If I search graylog, I can see the records
contain the field "dont_like_cricket". But this pipeline never triggers - I
still see the records that should have been dropped.
My end-game is obviously a little more complicated, but even this doesn't
work - so 'baby steps' :-)
Any ideas? Also, I really only want this pipeline on one Input channel - do
they have to be "universal"?
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAFChrgJNhTrS%3DToy6UhfrMpfoP6RwswNvVv0LWaq6ifhPCF0Fg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
