This is a share rather than a question, I got my pipeline rule working with
the help of Jan Doberstein and wanted to share. I want to set a field
"exception" with value of "true" when there is a match of "*xception" in
the message field of an inbound message. I had mistakenly been using a
condition of == to match, so my when statement looked like
contains(to_string($message.message)) == "xception"
But instead I need it to be
contains(to_string($message.message), "xception")
So now my entire rule is
rule "backup query exception alerts"
when contains(to_string($message.feature), "BackupQuery 2.0") AND
contains(to_string($message.message), "xception")
then
set_field("exception", "true");
end
Perhaps this example can help someone else who was running up against what
I was.
John
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/1e943e86-8686-4c14-ad00-e655704cea5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
