Hi Anant, On Tuesday, 10 January 2017 15:52:05 UTC+1, Anant Sawant wrote: > > Q1. Is it possible to use custom fields into drool rules. > Q2. If possible where can I find the docs which tells how to do it. >
Yes, you can use custom fields in Drools rules, but you have to use the getField() method. See http://docs.graylog.org/en/2.1/pages/drools.html for details. > Q3. If a rule such as "Rewrite source host" mentioned above is > successfully executed, does the original log is stored into elasticsearch > or the modified logs is stored or are both logs stored? > Only the modified message will be indexed into Elasticsearch. > Q4. Is it possible to have multiple .drl file or only one file will have > multiple rules? > No, you can only use 1 Drools rules file but it can contain multiple rules. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/11e20c17-48e8-45b1-9646-f4cfaf76d4ae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
