Hello,
Using Graylog 4.2.5.
I am writing what seemed to be a simple pipeline rule which must do a DNS TXT lookup.
I have defined a data adapter, cache and lookup table and they work.
However, the data it returns looks like this:
{
“single_value”: null,
“multi_value”: {
“raw_results”: [
{
“value”: “The string I want”,
“dns_ttl”: 14400
}
]
},
“string_list_value”: [
“The string I want”
],
“has_error”: false,
“ttl”: 14400000
}
And I can’t find a way to process this from a pipeline rule.
If I do this,
let ans = lookup(thetable, key)
But I can’t find a way at all to parse the result. raw_results is an array as far as I understand, and indeed if I do:
set_fields(ans)
This is the field created by Graylog:
[{“value”:“The string I want”,“dns_ttl”:14400}]
Is there any way to address this? Or have I hit a dead end or bug?
Thanks!