Help with pipeline


(Martijn Langendoen) #1

Hello,

I want to rewrite the source field where a Message begins with “WIFI-”

my pipeline rule:

rule “rewrite wifi source”
when
to_bool(regex("^WIFI-",to_string($message.source)).matches)
then
set_field(“source”, “wlc01”);
end

but i can’t get it working! please help!


(Jochen) #2

Please format your posts for better readability: https://help.github.com/articles/creating-and-highlighting-code-blocks/

What have you done so far and what doesn’t work exactly?


(Martijn Langendoen) #3

hello,

this is the original message:
WIFI-LOGIN wlc01.zebi.nl AP=ZVL-TNZ1 SSID=“Bibliotheek Guest” USER="" IP=10.0.205.141 MAC=f0:ee:10:fb:da:20

and the source is mdb-vl-tftp

what i want is rewrite the source to “wlc01”

but with my pipeline rule it never changed the source so i think that the regex line is not right?


(Jochen) #4

You’re running the regular expression against the wrong message field (“source” instead of “message”).


(Martijn Langendoen) #5

ohh yes i see. in the simulator works but not in the streams where the rule is applyed

what can that be?


(Jochen) #6

Pretty much anything. I don’t see what you put into the simulator in the first place. :wink:


(Martijn Langendoen) #7


(Jochen) #8

Interesting, but that wasn’t the rule you’ve posted above (because it would’ve checked the “source” field and not the “message” field).

If you can reproduce this behavior (simulator being successful even if the rule doesn’t match the message), please create a bug report at https://github.com/Graylog2/graylog2-server/issues.


(system) #9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.