In the first blog post of our new Tips & Tricks series, I want to show
you a quick way to debug your stream rules to test whether your targeted
messages will accurately be matched by a Graylog
how you do it.
Expand any message on a search results page and hit the
“Test against stream” dropdown to select a stream:
You will be redirected to the rules page of the stream you selected with
the message already loaded and an overview of which stream rules matched
and which did not. In the example below, our message did not get routed
into the stream, as evidenced by the notification in red. The field
in our message is 200 and does not match the
Red is not always bad. In some cases, you may purposely not want certain
messages to route to a stream, and this test can serve as a confirmation
of that. Whatever your situation, knowing exactly what messages are
being routed or not into your streams helps to confirm and debug your
stream rules if anything is wrong.
I hope this saves a few minutes in your day. Stay tuned for the next Tips & Tricks installment!