how to change log level into string severity level like info, low, medium,critical?
Sounds like work for pipeline.
Please show actual input and expected output
yeah but i don’t now, how to write pipeline for convert
If it’s standard syslog level, create simple pipeline rule:
rule "convert level to severity"
when
has_field("level")
then
set_field("severity",syslog_level($message.level));
end
After that, create new pipeline and attach new rule to stage.
And the best way is to read great graylog manual:
https://docs.graylog.org/en/3.1/pages/pipelines.html
thank you very much it’s working
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.