Create unique id for each log

In pipeline rule i want unique ID for my every log input.

Mar 18 06:25:03 ADSHUB
Mar 18 06:35:01 ADSHUB
Mar 18 06:35:01 ADSHUB
Mar 18 06:39:01 ADSHUB
Mar 18 06:39:01 ADSHUB
Mar 18 06:45:01 ADSHUB
Mar 18 06:45:01 ADSHUB

rule "IISLogs"




let pattern = “%{ServerLog}”;

let matches = grok(pattern: pattern, value: to_string($message.message));


set_field(“LogCreated”, to_date($message.“timestamp”));

set_field(“Hostname”, to_string($message.“host”));

I want to add unique id (UID) for all the above inputs in pipeline rule .
Timestamp: Mar 18 06:39:01
UID: U1(Unique id with any combination)

Is there any function avail or how i can implement this UID in pipeline rule?


What is the UID?
You can do a hashing with sha256 or sha512 to create a uinque id from your log.

1 Like

uuidgen is included in util-linux package. It can generate either a time or random-based UUID.

1 Like

take some kind of hashing that takes the dates and some additional.

Or make use of the hidden fields in graylog that already hold a unique id for each message.

1 Like

thanks Jan… Let me try…

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.