Extractor with Lookup Table

ave314 · January 7, 2019, 8:36pm

Hi everyone,

I’m using a lookup table with MAC Addresse and AP Names.

I don’t understand why my extractor is missing everything.

I have a pipeline that process those message first, and then I expect my extractor to extract and add a field with the associated value from the lookup table.

ave314 · January 7, 2019, 8:43pm

I was able to use a rule in my pipeline instead of that extractor.

rule "Convert BSSID to DeviceName"
when
  has_field("bssid")
then
  let name = lookup_value("unifi-device-name", $message.bssid);
  set_field("DeviceName", name);
end

jan · January 8, 2019, 7:45am

using extractors or processing pipelines is the better idea - depending on your processing order some information might not be given for the other system. As extractors might run before the processing pipelines.

ave314 · January 8, 2019, 2:02pm

I have placed Message Filter Chain on top of the Pipeline Processor.

Are extractors run by the Message Filter Chain or somewhere else in the chain?

system · January 22, 2019, 2:02pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Extraktor with lookup table Graylog Central (peer support) pipeline-rules	14	1992	May 7, 2018
Feedback on combining message data for lookup Graylog Central (peer support) pipeline-rules	2	339	May 13, 2020
Extractors not functioning in Pipeline Processor Graylog Central (peer support) pipeline-rules	7	2585	March 29, 2020
Stream -> pipeline And Input Extractor clarification Graylog Central (peer support) pipeline-rules , route-to-streampl	12	8680	July 3, 2018
Pipeline simulator and message fields Graylog Central (peer support)	6	4001	April 5, 2018

Extractor with Lookup Table

Related Topics