Once again, thanks Jochen.
It was my mistake: I was testing the REST API, and due to multiple triggers
a duplicate stream got created.
Now this is working perfectly fine.
On Thursday, September 8, 2016 at 6:27:08 PM UTC+5:30, Jochen Schalanda
wrote:
>
> Hi Ajay,
>
> make sure that you only have exactly 1 stream with the name of your device
> (e.g. "1244-5124").
>
> Unfortunately, the stream names don't have to be unique but the
> route_to_stream expects to only find 1 stream matching the name.
>
> Cheers,
> Jochen
>
> On Thursday, 8 September 2016 10:23:06 UTC+2, Ajay Kumar wrote:
>>
>> Hi All,
>>
>> I am trying to automate the stream routing by getting the stream name from
>> one of the message fields.
>>
>> message:
>>
>> date=2016-08-09 time=20:20:20 devid=1244-5124 logid=123 logmsg="test"
>>
>> My pipeline rule:
>>
>> rule "pipelinerule1"
>> when
>> has_field("logid")
>> then
>> set_field("alert", "yes");
>> let ruleroute = to_string($message.devid);
>> set_field("ruleroute", ruleroute);
>> route_to_stream(name: ruleroute);
>> end
>>
>> Error message:
>>
>> gl2_processing_error
>> For rule 'pipelinerule1': In call to function 'route_to_stream' at 8:4 an
>> exception was thrown: Multiple entries with same key:
>> string=57cfba54ad0b4b09fe3fde0f: "string" and
>> string=57cfba51ad0b4b09fe3fde09: "string". To index multiple values under a
>> key, use Multimaps.index.
>>
>> I can see "ruleroute" as a field in message with value captured from
>> devid.
>>
>> Please help me here.
>>
>> Regards,
>>
>> Jay
>>
>
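An added example, not part of the original thread or of Graylog's own code: a check that flags stream titles shared by more than one stream, the condition that made route_to_stream fail above. It assumes the stream listing from the REST API has been saved as JSON with a "streams" array whose entries carry "id" and "title" keys; the sample listing is constructed and reuses the two stream ids from the error message.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a saved stream listing. The "streams", "id"
# and "title" keys are an assumption about the REST API response layout.
SAMPLE_LISTING = json.dumps({
    "total": 3,
    "streams": [
        {"id": "57cfba51ad0b4b09fe3fde09", "title": "1244-5124"},
        {"id": "57cfba54ad0b4b09fe3fde0f", "title": "1244-5124"},
        {"id": "constructed-id-0001", "title": "7777-0001"},
    ],
})


def index_streams_by_title(listing_json):
    """Map each stream title to the sorted list of stream ids that use it."""
    by_title = defaultdict(list)
    for stream in json.loads(listing_json).get("streams", []):
        by_title[stream["title"]].append(stream["id"])
    return {title: sorted(ids) for title, ids in by_title.items()}


def duplicate_titles(listing_json):
    """Return only the titles that more than one stream shares."""
    index = index_streams_by_title(listing_json)
    return {title: ids for title, ids in index.items() if len(ids) > 1}


def check_route_targets(listing_json, names):
    """Classify each name a rule would pass to route_to_stream(name: ...)."""
    index = index_streams_by_title(listing_json)
    result = {}
    for name in names:
        count = len(index.get(name, []))
        if count == 1:
            result[name] = "ok"
        else:
            result[name] = "missing" if count == 0 else "ambiguous"
    return result


if __name__ == "__main__":
    for title, ids in duplicate_titles(SAMPLE_LISTING).items():
        print(f"duplicate stream title {title!r}: {', '.join(ids)}")
    print(check_route_targets(SAMPLE_LISTING, ["1244-5124", "7777-0001", "9999-0000"]))
```

Running it against a fresh listing after any scripted stream creation shows which duplicates to delete before the pipeline rule sees traffic.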