Hi,
You have to use the to_long()
<http://docs.graylog.org/en/2.1/pages/pipelines/functions.html#to-long>
function to ensure that $message.state is a numeric value.
rule "testing state"
when
($message.source == "ngmp_esme_logs") && (to_long($message.state) == 3032)
then
// ...
end
Cheers,
Jochen
On Friday, 9 December 2016 09:07:52 UTC+1, vivek reddy wrote:
>
> when i use this rule
> its properly setting the statediff field to $message.state
>
> rule "testing state"
> when
> ($message.source == "ngmp_esme_logs")
> then
> let x = $message.state;
> set_field("statediff",x);
> route_to_stream("ngmp state difference");
> end
>
> *but when i use this rule pipeline is not setting the statediff field*
>
> rule "testing state"
> when
> ($message.source == "ngmp_esme_logs") && ($message.state == 3032)
> then
> let x = $message.state;
> set_field("statediff",x);
> route_to_stream("ngmp state difference");
> end
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/6171803d-38b7-40b8-9890-8e9f476c6fdb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
