Hi All,
I am trying to automate the stream routing by getting stream name from one
of the message field.
message:
date=2016-08-09 time=20:20:20 devid=1244-5124 logid=123 logmsg="test"
My pipeline rule:
rule "pipelinerule1"
when
has_field("logid")
then
set_field("alert", "yes");
let ruleroute = to_string($message.devid);
set_field("ruleroute", ruleroute);
route_to_stream(name: ruleroute);
end
Error message:
gl2_processing_error
For rule 'pipelinerule1': In call to function 'route_to_stream' at 8:4 an
exception was thrown: Multiple entries with same key:
string=57cfba54ad0b4b09fe3fde0f: "string" and
string=57cfba51ad0b4b09fe3fde09: "string". To index multiple values under a
key, use Multimaps.index.
I can see "ruleroute" as a field in message with value captured from devid.
Please help me here.
Regards,
Jay
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/8f5bfed0-5a5d-40e1-87a7-70d498f3db6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
