How to set log attack with severity level?

how to change log level into string severity level like info, low, medium,critical?

Sounds like work for pipeline.
Please show actual input and expected output

yeah but i don’t now, how to write pipeline for convert

If it’s standard syslog level, create simple pipeline rule:

rule "convert level to severity"

After that, create new pipeline and attach new rule to stage.

And the best way is to read great graylog manual:

1 Like

thank you very much it’s working

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.