Hi Ajay,
Make sure that you only have exactly 1 stream with the name of your device
(e.g. "1244-5124").
Unfortunately, the stream names don't have to be unique but the
route_to_stream expects to only find 1 stream matching the name.
Cheers,
Jochen
On Thursday, 8 September 2016 10:23:06 UTC+2, Ajay Kumar wrote:
>
> Hi All,
>
> I am trying to automate the stream routing by getting the stream name from one
> of the message fields.
>
> message:
>
> date=2016-08-09 time=20:20:20 devid=1244-5124 logid=123 logmsg="test"
>
> My pipeline rule:
>
> rule "pipelinerule1"
> when
>     has_field("logid")
> then
>     set_field("alert", "yes");
>     let ruleroute = to_string($message.devid);
>     set_field("ruleroute", ruleroute);
>     route_to_stream(name: ruleroute);
> end
>
> Error message:
>
> gl2_processing_error
> For rule 'pipelinerule1': In call to function 'route_to_stream' at 8:4 an
> exception was thrown: Multiple entries with same key:
> string=57cfba54ad0b4b09fe3fde0f: "string" and
> string=57cfba51ad0b4b09fe3fde09: "string". To index multiple values under a
> key, use Multimaps.index.
>
> I can see "ruleroute" as a field in message with value captured from
> devid.
>
> Please help me here.
>
> Regards,
>
> Jay
>
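
Added example, not part of the original thread or of Graylog's code: a Python check for the condition Jochen describes, grouping stream IDs by title and reporting names that route_to_stream could not resolve to a single stream. The listing layout (a "streams" array of objects with "id" and "title") and the titles are assumptions; the two duplicate IDs are the ones in the error message above, and the sample data is constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a stream listing export (assumed layout).
# The first two IDs come from the error message in the thread; that they
# share the title "1244-5124" is an assumption. The third entry is made up.
SAMPLE_STREAMS_JSON = """
{"total": 3, "streams": [
  {"id": "57cfba54ad0b4b09fe3fde0f", "title": "1244-5124"},
  {"id": "57cfba51ad0b4b09fe3fde09", "title": "1244-5124"},
  {"id": "aaaaaaaaaaaaaaaaaaaaaaaa", "title": "other-device"}
]}
"""


def index_by_title(listing):
    """Group stream IDs under their title (a multimap, so duplicates survive)."""
    by_title = defaultdict(list)
    for stream in listing.get("streams", []):
        by_title[stream["title"]].append(stream["id"])
    return dict(by_title)


def duplicate_titles(listing):
    """Titles carried by more than one stream, with the IDs that share them."""
    return {title: sorted(ids)
            for title, ids in index_by_title(listing).items()
            if len(ids) > 1}


def resolve(listing, name):
    """Return the single stream ID for `name`; raise if missing or ambiguous."""
    ids = index_by_title(listing).get(name, [])
    if len(ids) != 1:
        raise LookupError(f"{name!r} matches {len(ids)} streams: {sorted(ids)}")
    return ids[0]


if __name__ == "__main__":
    listing = json.loads(SAMPLE_STREAMS_JSON)
    for title, ids in duplicate_titles(listing).items():
        print(f"duplicate stream name {title!r}: {', '.join(ids)}")
```

Running the check before enabling a rule that routes on a message field shows which device names need a stream renamed or removed.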