rule "my business logic for device-1"
when
    has_field("device-1_M1") &&
    has_field("device-1_M2") &&
    has_field("device-1_M3") &&
    to_double($message."device-1_M2") < 0.8 * to_double($message."device-1_M3") &&
    to_double($message."device-1_M1") > 90.0
then
    let message = create_message(timestamp:to_date($message.timestamp),
                                 source:"devices-handling-unit-pipeline",
                                 message:"check device measures for device-1");
    route_to_stream(id:"59c13f032ab79c00019e0649",message:message);
end
I need to run the same business logic for multiple other devices like device-2, device-3, etc.
What is the most effective way to achieve this functionality?
I can write a custom message processor plugin for this if the action was predefined.
But the “action” part of the rule should be editable from the browser as well.
Please suggest.
Thank you for your reply. I just wanted to know whether the above functionality is supported by the free version of Graylog or not and, if yes, the effective way to achieve this.
The Graylog core does not make any distinction between the Open Source and Enterprise products.
If that rule is running and giving you the result you would like to have, you could just copy that rule and make the changes for different devices - one rule for each device.
Well, if that were feasible, then I wouldn’t have asked for help here. There may be 100s of devices, and repeating similar code for all such devices will not be practical.
What is the proper way to request a feature or improvement?
Anything similar to this would be great.
rule "some rule to be run on multiple fields"
for_each_field
    get_fields_function()
when
    has_field($fieldName)
then
    do_some_action()
end
If you would like to request a new feature, just go over to GitHub and create a new issue that describes the feature in detail and provides a reason why you think it is useful for you and others.
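The one-rule-per-device approach suggested earlier in the thread does not have to be copied by hand. The sketch below is an added example, not part of the original posts and not Graylog code: it renders the rule text from the first post for a list of devices. The function names and the allowed device-name pattern are assumptions; names are validated because they are spliced into rule source, where a stray quote or newline would change the rule's logic.

```python
import re
from string import Template

# Rule text copied from the first post; "$$" yields a literal "$" in the output.
RULE_TEMPLATE = Template('''rule "my business logic for $dev"
when
    has_field("${dev}_M1") &&
    has_field("${dev}_M2") &&
    has_field("${dev}_M3") &&
    to_double($$message."${dev}_M2") < 0.8 * to_double($$message."${dev}_M3") &&
    to_double($$message."${dev}_M1") > 90.0
then
    let message = create_message(timestamp:to_date($$message.timestamp),
                                 source:"devices-handling-unit-pipeline",
                                 message:"check device measures for $dev");
    route_to_stream(id:"$stream",message:message);
end
''')

# Assumed naming policy: letters, digits and hyphens only (matches "device-1").
DEVICE_RE = re.compile(r"[A-Za-z0-9-]{1,64}")
# Stream ids as shown in the post: 24 lowercase hex characters.
STREAM_RE = re.compile(r"[0-9a-f]{24}")


def render_rule(device, stream_id):
    """Return the rule source for one device, rejecting unsafe input."""
    if not DEVICE_RE.fullmatch(device):
        raise ValueError(f"device name not allowed in rule source: {device!r}")
    if not STREAM_RE.fullmatch(stream_id):
        raise ValueError(f"unexpected stream id format: {stream_id!r}")
    return RULE_TEMPLATE.substitute(dev=device, stream=stream_id)


def render_all(devices, stream_id):
    """Return {device: rule source}; duplicates would yield clashing rule titles."""
    rules = {}
    for device in devices:
        if device in rules:
            raise ValueError(f"duplicate device: {device!r}")
        rules[device] = render_rule(device, stream_id)
    return rules


if __name__ == "__main__":
    # Constructed device list; the stream id is the one from the first post.
    devices = [f"device-{i}" for i in range(1, 4)]
    for source in render_all(devices, "59c13f032ab79c00019e0649").values():
        print(source)
```

Each generated rule is ordinary rule source, so its action part stays editable in the browser like any hand-written rule.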