bmanojlovic/server.drl

## server.drl
import org.graylog2.plugin.Message

rule "Drop vmware guest crap"
    when
        m : Message( getField("message") matches "\\[ warning\\] \\[vmusr:vmusr\\] Error in the RPC receive loop: RpcIn.*" );
    then
        m.setFilterOut(true);
        #System.out.println( "[DROOL] : " + m.toString() ); # too verbose crap...
end

rule "Drop ESX cosmetic crap"
    when
        m : Message( getField("full_message") matches "Hostd.*Unable.to.parse.(Min|Max)Ram(PerCpu)?.value.*" )
    then
        m.setFilterOut(true);
        System.out.println( "[DROOL] : " + m.toString() );
end

rule "Drop hostd spam"
    when
       m : Message( getField("full_message") matches ".*Malformed.guest.uptime.string.*" )
    then
       m.setFilterOut(true);
end
	import org.graylog2.plugin.Message

	rule "Drop vmware guest crap"
	when
	m : Message( getField("message") matches "\\[ warning\\] \\[vmusr:vmusr\\] Error in the RPC receive loop: RpcIn.*" );
	then
	m.setFilterOut(true);
	#System.out.println( "[DROOL] : " + m.toString() ); # too verbose crap...
	end

	rule "Drop ESX cosmetic crap"
	when
	m : Message( getField("full_message") matches "Hostd.Unable.to.parse.(Min\|Max)Ram(PerCpu)?.value." )
	then
	m.setFilterOut(true);
	System.out.println( "[DROOL] : " + m.toString() );
	end

	rule "Drop hostd spam"
	when
	m : Message( getField("full_message") matches ".Malformed.guest.uptime.string." )
	then
	m.setFilterOut(true);
	end