Re: [graylog2] what is the best way of creating fields in graylog?
On Thu, Jun 23, 2016 at 6:00 AM, Jan Dobersteinwrote: > Pipeline is stored in the MongoDB and shared with all Servers. > As this (pipelines) is the future and extractors will become part of > the pipeline you should look into them. > OK, so to restore existing pipeline configs after a reinstall, would that just be restoring pipeline_processor_pipelines* from backup, or would more mongodb fiddling be required? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAFChrgLFXMSwe6ecVTX5TOM1gfCFhVKFNtHgbwxZjo%3DbOmthCA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] what is the best way of creating fields in graylog?
Hi there I've been happily creating extractors in graylog, and have the problem of keeping them synced between my 3 Syslog INPUT channels (ie UDP, TCP and TCP/TLS). As we are moving from a single graylog server to two, keeping such things in sync becomes critical. So I'm thinking of migrating them to some "sharable" format - and want to ensure performance is optimized too of course So what is the "official" best way of creating fields out of data? Drools? Pipeline? The (experimental) latter appears to be database-based - is that automagically shared between graylog servers? With drools, the rules file would be trivial to share - but I guess you have to restart graylog to reload it? Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAFChrgJwVn_UEj7rqzQP1SJZz%3DvzdkuR7WPu45sFjJtP4CmrnQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.