Hi Ajay,
make sure that you only have exactly 1 stream with the name of your device
(e. g. "1244-5124").
Unfortunately, the stream names don't have to be unique but the
route_to_stream expects to only find 1 stream matching the name.
Cheers,
Jochen
On Thursday, 8 September 2016 10:23:06 UTC+2, Ajay Kumar wrote:
>
> Hi All,
>
> I am trying to automate the stream routing by getting stream name from one
> of the message field.
>
> message:
>
> date=2016-08-09 time=20:20:20 devid=1244-5124 logid=123 logmsg="test"
>
> My pipeline rule:
>
> rule "pipelinerule1"
> when
> has_field("logid")
> then
> set_field("alert", "yes");
> let ruleroute = to_string($message.devid);
> set_field("ruleroute", ruleroute);
> route_to_stream(name: ruleroute);
> end
>
> Error message:
>
> gl2_processing_error
> For rule 'pipelinerule1': In call to function 'route_to_stream' at 8:4 an
> exception was thrown: Multiple entries with same key:
> string=57cfba54ad0b4b09fe3fde0f: "string" and
> string=57cfba51ad0b4b09fe3fde09: "string". To index multiple values under a
> key, use Multimaps.index.
>
> I can see "ruleroute" as a field in message with value captured from
> devid.
>
> Please help me here.
>
> Regards,
>
> Jay
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/9f1f9c75-7437-46ab-a1ad-ee5fba8ec914%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
