This is a share rather than a question. I got my pipeline rule working with
the help of Jan Doberstein and wanted to share. I want to set a field
"exception" with value of "true" when there is a match of "*xception" in
the message field of an inbound message. I had mistakenly been using a
condition of == to match, so my when statement looked like

    contains(to_string($message.message)) == "xception"

But instead I need it to be

    contains(to_string($message.message), "xception")

So now my entire rule is

    rule "backup query exception alerts"
    when
        contains(to_string($message.feature), "BackupQuery 2.0") AND
        contains(to_string($message.message), "xception")
    then
        set_field("exception", "true");
    end

Perhaps this example can help someone else who was running up against what
I was.
John