Array Data Type Supported by Graylog

Graylog Central (peer support)
,
1

I am trying to create a rule in my pipeline where I can store (either programmatically or by hard-coding it) an array in my message.

Below is my code:

rule "sample_rule"
when
    to_string($message.desired_column_name) == "test_value"
then
    let msg = create_message("", "");
    let id = to_string($message.desired_column_name);
    let labels = ["FOO", "BAR"]; <<<<<<<<<<<<< Trying to store as an array here, but array data type is not (natively)supported.
    set_field("id", id, "", "", msg);
    set_field("labels", labels, "", "", msg);
    route_to_stream("output_stream", "", msg);
end

I’ve gone through the docs and a couple of community posts as well, but haven’t found anything that really says that arrays are supported.

Is there a way to have a variable of the array data type in the Graylog Pipeline, perhaps by some plugin?

2

you would like to create a feature request over at github:

You can save that as array as a string, but not the way you did.

3

hey @jan, I’m actually curious as to how we would be able to do that; could you please let me know how I can go about it?
Thanks in advance!

4 
set_field("id", "msg");
5

Oh, I’m sorry for not having been more descriptive, I wanted to know how to go about raising the feature request and subsequently working on it.

6

Move over to Github - in the Graylog server repository create a new issue, describe the feature you want to have, give context why you want that.
~once a week the developers look at new issues and that if seen as doable will be placed on the roadmap.

1 Like
7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.