We’re attempting to ingest CSV files from a few different sources, but as an example generally they are structured as below:
ID,AuditIndex,Authentication,CSPSessionID,ClientExecutableName User1,1865062,Password,WjqwJMukW2,CSPap.so User2,1865063,Password,RfkqkMruqM2,CSPap.so
In attempting to write pipeline rules to properly break up and label all these values, the issue I’m running into is that there doesn’t seem to be any functionality that allows me to loop through all lines ingested to apply these rules. Using a lookup table to temporarily store and process won’t work for me either, as the CSV I’m ingesting uses no quote characters and the CSV data adapter doesn’t seem to like this.
Is there any way to loop through pipeline rules in the current graylog version that I’m not seeing? Or am I approaching this the wrong way entirely?