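# filters tinc messages
#
# Nix attribute set describing Graylog pipeline rules, a stream and a pipeline
# for log messages emitted by tincd. The "(TF)" suffixes and the escaped
# "${...}" references suggest the result is rendered to Terraform -- TODO
# confirm against the module that defines the `graylog.*` options, which is
# not visible here.
{
  resource."graylog_pipeline_rule" = {
    # Moves every message whose facility is "tincd" into the dedicated tinc
    # stream. remove_from_default: true takes it out of the default stream,
    # so searches and alerts scoped to the default stream no longer see it.
    routeToTincMessage = {
      description = "route tinc messages to tinc stream (TF)";
      # ''${ is the indented-string escape: Nix emits a literal ${...} and
      # leaves the stream id reference for the downstream tool to resolve.
      source = ''
        rule "route tinc message"
        when
          to_string($message.facility) == "tincd"
        then
          route_to_stream(id:"''${ graylog_stream.tinc.id }", remove_from_default: true);
        end
      '';
    };

    # Discards tinc "Received short packet" messages.
    #
    # NOTE(review): drop_message() is irreversible -- the message is never
    # indexed, so it is unavailable to later searches, alerts or incident
    # review. The commented-out lines inside the rule are the non-destructive
    # alternative (tag with is_junk and route to a junk stream); prefer it if
    # these messages may ever be needed as evidence of malformed or truncated
    # traffic reaching the VPN endpoint.
    #
    # NOTE(review): the condition matches on the message prefix only. The rule
    # is limited to tinc traffic solely because the pipeline that uses it is
    # attached to the tinc stream below; connecting it to another stream would
    # drop any message starting with the same text.
    #
    # The rule name still says "mark and route"; it is kept because the
    # pipeline below references the rule by that exact name.
    tincJunk = {
      source = ''
        rule "mark and route tinc junk"
        when
          starts_with(to_string($message.message), "Received short packet")
        then
          drop_message();
          //set_field("is_junk", true);
          //route_to_stream(id:"''${graylog_stream.junk.id}", remove_from_default: true);
        end
      '';
      # Description corrected to state what the rule does (drop, not mark),
      # so the Graylog UI does not mislead someone looking for these messages.
      description = "drop tinc short-packet noise (TF)";
    };
  };

  # Attaches the routing rule by name to what is presumably the pipeline
  # processing the default "all messages" stream -- verify in the module that
  # declares graylog.all_messages.
  graylog.all_messages.rules = [ "route tinc message" ];

  # Dedicated stream for tinc messages. \${ keeps the references literal in
  # the double-quoted Nix strings so they are resolved downstream.
  graylog.stream.tinc = {
    index_set_id = "\${data.graylog_index_set.default.id}";
    pipelines = [ "\${graylog_pipeline.processTincMessage.id}" ];
  };

  # Pipeline connected to the tinc stream; stage 0 runs the drop rule above.
  graylog.pipeline.processTincMessage = {
    source = ''
      stage 0 match all
      rule "mark and route tinc junk";
    '';
    description = "process messages of the tinc stream(TF)";
  };
}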