This is the pipeline rule that extracts the information from the Ghost blog log (Ghost is started/monitored by systemd) into useful fields in Graylog.
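rule "extract_ghost_blog_from_systemd_log"
when
  // Only handle messages whose programname field is exactly "Ghost"
  has_field("programname") AND to_string($message.programname) == "Ghost"
then
  // Raw log line taken from the message field
  let message_field = to_string($message.message);
  // Parse the line with the combined Apache access-log grok pattern
  let action = grok(pattern: "%{COMBINEDAPACHELOG}", value: message_field);
  // Copy every grok capture onto the message as its own field
  set_fields(action);
end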