In the question I told this morning (https://community.graylog.org/t/custom-grok-pattern/6760?u=abh, I now create two fields : xx_tag and xx_value.
The next step for me is to create for each value of xx_tag a new field who’s name is the value of xx_tag, and whos value is value is the value of xx_value
I tried to use a pipeline and the “set_field” function but it seems that the field name created cannot come from the value of another field.
Does somebody have an idea ?
have you tried to use to_string() function. maybe it doesn’t recognize the current type of field
You can check to following informations
http://docs.graylog.org/en/2.4/pages/pipelines/functions.html
https://community.graylog.org/t/pipeline-concat/6762
I have following rule :
rule “xx rule”
when
has_field(“values”)
then
set_field(to_string($message.xx_tag.field), $message.xx_value.field);
end
The syntax seems to be correct (I can save it) but there is no trace from any created field when I search in Graylog.
did you used the rule what you posted?
the “.filed” part don’t needed.
eg.: to_string($message.source)
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
