Graylog Community

All rules pipelines in one rule

Graylog Central (peer support)

gcolmant (Colmant) March 4, 2020, 9:19am 1

Hi , i have something to do ,
i have many rules , they are the same but for different host
exemple :

rule " set hostname (GXXXXXX Wildix)"
when
has_field(“source”) AND
to_string($message.source) == “XXXXXXXXXXXX”
then
set_field(“source”,“Wildix_CXXXXXX”);
end
or

rule " set hostname (CXXXXXX Wildix)"
when
has_field(“source”) AND
to_string($message.source) == “XXXXXXXXXX”
then
set_field(“source”,"Wildix_CXXXXXX ");
end

it is possible to regroup all in one rules ?

Thank you

Ponet (Jesse Hills) March 4, 2020, 9:39am 2

A lookup table is probably what you want to use for this.

https://docs.graylog.org/en/latest/pages/lookuptables.html

system (system) Closed March 18, 2020, 9:39am 3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Change source name PIPELINES Graylog Central (peer support)	6	1961	November 29, 2019
Another try at pipeline rules Graylog Central (peer support) pipeline-rules , debuggingpl	5	1193	August 2, 2017
Pipeline rules problem Graylog Central (peer support) pipeline-rules	4	783	March 10, 2022
Graylog Rules and Pipeline not working Graylog Central (peer support) pipeline-rules	1	516	April 26, 2018
Slookup, Pipeline Rule Graylog Add-ons pipeline-rules	1	820	September 21, 2018