This is a share rather than a question, I got my pipeline rule working with the help of Jan Doberstein and wanted to share. I want to set a field "exception" with value of "true" when there is a match of "*xception" in the message field of an inbound message. I had mistakenly been using a condition of == to match, so my when statement looked like
contains(to_string($message.message)) == "xception" But instead I need it to be contains(to_string($message.message), "xception") So now my entire rule is rule "backup query exception alerts" when contains(to_string($message.feature), "BackupQuery 2.0") AND contains(to_string($message.message), "xception") then set_field("exception", "true"); end Perhaps this example can help someone else who was running up against what I was. John -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1e943e86-8686-4c14-ad00-e655704cea5a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.