Hi Anant,

On Tuesday, 10 January 2017 15:52:05 UTC+1, Anant Sawant wrote:
>
> Q1. Is it possible to use custom fields in Drools rules?
>
> Q2. If possible, where can I find the docs which tell how to do it?
>

Yes, you can use custom fields in Drools rules, but you have to use the 
getField() method. See http://docs.graylog.org/en/2.1/pages/drools.html for 
details.
 

> Q3. If a rule such as "Rewrite source host" mentioned above is 
> successfully executed, is the original log stored in Elasticsearch, 
> or the modified log, or are both logs stored?
>

Only the modified message will be indexed into Elasticsearch.
 

> Q4. Is it possible to have multiple .drl file or only one file will have 
> multiple rules?
>

No, you can only use 1 Drools rules file but it can contain multiple rules.


Cheers,
Jochen
