Graylog pipeline: handling null values

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I have a graylog pipeline rule that extracts a bunch of fields from a json message body

rule "message_json_tofields"
    let json_from_message = regex("^.*]: (.*)",to_string($message.message))["0"];
    let json = parse_json(to_string(json_from_message));
    let props = select_jsonpath(json, {client_ip: "$.client_ip"});
   // repeat for a number of fields
  // field i have having issue with
let props = select_jsonpath(json, {request_headers_cookie: "$.request.headers.cookie"});
    let api_key = key_value(to_string(props["request_headers_cookie"]),";","=");

I am having trouble with the cookie field. I can exact from the json no problem. spliting the string into key_value pairs ended up being easy via key_value. But the crux of my issue is that the field key apiKey, may or may not exist within cookie.
When it doesnt exist the whole pipeline errors

(Error: In call to function 'to_map' at 47:15 an exception was thrown: null)

is there any graceful way to handle the field some times being null?

2. Describe your environment:

  • OS Information: ubuntu 22.04

  • Package Version:

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
tried a bunch of ways to extract the value, but pipeline still errors due to null value

4. How can the community help?
any helpful hints/ideas about graylog pipeline processing

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.