Create unique id for each log

jaikumarkrishna · July 1, 2019, 1:14pm

In pipeline rule i want unique ID for my every log input.

Mar 18 06:25:03 ADSHUB
Mar 18 06:35:01 ADSHUB
Mar 18 06:35:01 ADSHUB
Mar 18 06:39:01 ADSHUB
Mar 18 06:39:01 ADSHUB
Mar 18 06:45:01 ADSHUB
Mar 18 06:45:01 ADSHUB

rule "IISLogs"

when

has_field(“message”)

then

let pattern = “%{ServerLog}”;

let matches = grok(pattern: pattern, value: to_string($message.message));

set_fields(matches);

set_field(“LogCreated”, to_date($message.“timestamp”));

set_field(“Hostname”, to_string($message.“host”));
end

I want to add unique id (UID) for all the above inputs in pipeline rule .
Timestamp: Mar 18 06:39:01
HOST: ADSHUB
UID: U1(Unique id with any combination)

Is there any function avail or how i can implement this UID in pipeline rule?

Thanks

Christoph · July 1, 2019, 1:24pm

What is the UID?
You can do a hashing with sha256 or sha512 to create a uinque id from your log.

smblair · July 1, 2019, 5:19pm

uuidgen is included in util-linux package. It can generate either a time or random-based UUID.

jan · July 2, 2019, 2:26am

take some kind of hashing that takes the dates and some additional.

Or make use of the hidden fields in graylog that already hold a unique id for each message.

jaikumarkrishna · July 2, 2019, 8:55am

thanks Jan… Let me try…

system · July 16, 2019, 8:55am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.