Invoke a Graylog lookup from a custom function

Hi all,
I’m using Graylog 2.5.2. I’m developing a custom function and I’d like to invoke a lookup, already present in the Graylog env.
Is this possible?
How to implement it?

Thanks
Gianluca

Not much information given to go on to help you. What is the custom function? Is it in a pipeline? Is it a curl call? Show what you are doing and examples of the lookup and what the expected results are… Also, 2.5.2 is an older version that is very different from the current 3.3.3 in many ways… The question you really have may be outside of what I can help you with, but others will be more willing to jump in if you give enough information to pique their interest a little…

Hi @tmacgbay
thanks for your answer.
I’ll try to explain my scenario in order to understand if there is a solution.
I need to create a rule in a pipeline that has to work with a JSON array (String). It contains a list of email addresses, e.g. ["gianluca@gmail.com", "nexemail@mail.net", …].
Currently I have a lookup table that uses a CSV file to detect the allowed domains (i.e. gmail.com).

To perform this request I thought of creating a function, i.e. Java code that allows me to have my own function to invoke, as I cannot manage a list in a single rule.

So I’m able to create custom Java code that reads the JSON String, creates a forEach and extracts each single email, but I don’t know how to invoke the lookup that is present in the Graylog system that uses this adapter.

So is there a possibility to realize my task?

I hope I have explained my requirements better.

Thanks a lot
Gianluca

While you may lose some of the Graylog adapter caching in the lookup, it seems to me that if you are already handling parsing the JSON with external Java, you might as well continue in Java to pull the comparison against the CSV file and inject the resulting message into Graylog.

If that works, your next project might be upgrading Graylog :wink:

You are right,
but I should manage the CSV file when it is updated. I believed that there was the possibility to use the already existing Graylog adapter cache and work using it in order to delegate the file management to it.

Thanks for your help
I will schedule the Graylog update even if it is not simple to convince the clients :smile:
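
The approach discussed in the two posts above (checking each address of the JSON array against the CSV of allowed domains from plain Java, and picking up CSV updates without Graylog's adapter cache), as an added example that is not code from the thread or from Graylog. The class name, the CSV layout (domain in the first column, a `domain` header row) and Jackson being on the classpath are assumptions.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.util.*;
// Hypothetical helper: domain allow-list backed by a CSV file, reloaded when the file changes.
public class DomainAllowList {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private final Path csv;
    private FileTime loadedAt;                       // mtime of the CSV at the last load
    private Set<String> domains = Collections.emptySet();
    public DomainAllowList(Path csv) { this.csv = csv; }

    // Re-read the CSV only when its modification time differs from the last load.
    // A rewrite inside the file system's timestamp granularity can be missed.
    private synchronized Set<String> current() throws IOException {
        FileTime mtime = Files.getLastModifiedTime(csv);
        if (!mtime.equals(loadedAt)) {
            Set<String> fresh = new HashSet<>();
            for (String line : Files.readAllLines(csv, StandardCharsets.UTF_8)) {
                String d = line.split(",", 2)[0].replace("\"", "").trim().toLowerCase(Locale.ROOT);
                if (!d.isEmpty() && !d.equals("domain")) fresh.add(d); // skip assumed header row
            }
            domains = fresh;
            loadedAt = mtime;
        }
        return domains;
    }

    // Returns the addresses of the JSON array whose domain is not listed in the CSV.
    public List<String> rejected(String jsonArray) throws IOException {
        Set<String> allowed = current();
        List<String> bad = new ArrayList<>();
        for (String email : MAPPER.readValue(jsonArray, String[].class)) {
            if (email == null) continue;             // JSON null entries are skipped
            int at = email.lastIndexOf('@');
            String domain = at < 0 ? "" : email.substring(at + 1).trim().toLowerCase(Locale.ROOT);
            if (!allowed.contains(domain)) bad.add(email); // no '@' means never allowed
        }
        return bad;
    }

    public static void main(String[] args) throws IOException {
        Path csv = Files.createTempFile("allowed-domains", ".csv"); // constructed sample data
        Files.write(csv, Arrays.asList("domain,allowed", "gmail.com,true"));
        DomainAllowList list = new DomainAllowList(csv);
        System.out.println(list.rejected("[\"gianluca@gmail.com\", \"nexemail@mail.net\"]"));
    }
}
```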

There is a big difference in how search works/looks with the current version that some people don’t like (happens starting at 3.0) - make sure you prep your users ahead of time! :slight_smile:
