How to do an API call on a field?

Hey all,
How do I do the logstash equivalent of:

filter {
  rest {
    request => { url => "http://somecontainer/someaction/%{field}" }
    target => "calculated_field"
  }
}

I’ve looked into creating a custom function in Rules but that might be a bit over my head. Any other paths to do this? Thanks.

You should be a little more verbose …

Did you want to have one input? Did you want to create a lookup_table?

What is the outcome of your action?

Similar to a lookup table but live results.

Field: Domain
api: http://something/Alexa_score/${Domain}
New Field: Alexa_score

So I can get a result indicating an alexa score, or a CVSS score, or an amazon book score, whatever I want to query. It’s trivial in logstash, that’s why I was surprised I couldn’t figure it out.

OK - that is not similar to a lookup table, that is a lookup table.

Sorry but you speak in terms that only a person can understand who knows both products - maybe next time you should describe the action you like to do and only give the way it works in another product …

Create your own lookup table and you can add the lookup from any source you like: http://docs.graylog.org/en/3.0/pages/lookuptables.html
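A pipeline rule for the Domain to Alexa_score case above, as an added example that is not part of the original posts. It assumes a lookup table named "alexa_score" (hypothetical name) backed by an HTTP JSONPath data adapter whose lookup URL is http://something/Alexa_score/${key} and whose JSONPath picks the score out of the JSON response; the "unknown" default is also an assumption.

```graylog
rule "enrich Domain with Alexa score"
when
  has_field("Domain")
then
  // Normalise the key so the lookup table cache sees one entry per domain
  let domain = lowercase(to_string($message.Domain));

  // "alexa_score" is the assumed lookup table name; the data adapter
  // substitutes the key into ${key} in its lookup URL and performs the HTTP request.
  // The third argument is returned when the lookup yields no result.
  let score = lookup_value("alexa_score", domain, "unknown");

  set_field("Alexa_score", score);
end
```

The cache attached to the lookup table keeps repeated domains from triggering one HTTP request per message.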

Thanks for the reply.

Somehow I missed this line in the docs regarding lookup tables:

‘…execute HTTP requests to receive the lookup result…’

That’s exactly what I want to do!

My apologies for the terminology, I don’t know either product very well (Graylog or ELK stack).
I wish I could take a 5 day course on it!

Thanks for your help.

shameless advertising:

I wish I could take a 5 day course on it!

We regularly provide a 2-day training; depending on your location, that is done by us or one of our partners. Or you can book one of our engineers to hold a training session onsite at your company. If that is an option - contact us!
