Input Extractor: change field value based on _another_ field

sfuerte · January 9, 2019, 5:35pm

Problem
Have some logs coming from Docker containers via GELF UDP.

Messages in question are:

level: 6
message: .* PHP Fatal error: .*

I can process them by routing to a new stream and pipeline in it, but don’t think it’s the right way to do it. Moreover, I need them to be in already existing stream.

Goal
how to set up an extractor, that by matching message field, would set a specific value to level field?

PS: and that’s completely another question why Dev’s didn’t catch and log those exception properly

jan · January 10, 2019, 7:01am

the processing pipeline is build to solve your problem.

system · January 24, 2019, 7:02am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Extraktor with lookup table Graylog Central (peer support) pipeline-rules	14	1993	May 7, 2018
Extractor help needed Graylog Central (peer support)	2	722	March 15, 2021
Compounds with different value after extraction Graylog Central (peer support) windows , nxlog , gelf	8	362	May 28, 2023
Pipeline rule to extract key-value pair not working Graylog Central (peer support) pipeline-rules	20	1943	April 23, 2022
Pipeline - Create field with value from another field Graylog Central (peer support) pipeline-rules	3	2257	January 20, 2020

Input Extractor: change field value based on _another_ field

Related Topics