Create a new pipeline for Threat Intel

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:

I’ve created a new extractor to have a new field name as src_ip. So when I go through the streams, I see my new field, and everything seems fine.

I created the pipeline like the example.

I do not see the additional field and I do not see anything in the log file [ server.log]

2. Describe your environment:

  • OS Information:

Linux RedHat

  • Package Version:

I’m on the latest version of Graylog; 4.3.2-1

Hello && Welcome @MickGraylog1

Did you enable the plugin? System–> Content Packs show show if its installed.
Can you show the pipeline that was created?

Hello! :slight_smile:
I’m so sorry, that was a simple solution: Processor first was the Pipeline and not the Message filter.

I Couldn’t extract the field I want to put into my rule.

Thank you again!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.