IP Address Check / Match

arrmo · May 21, 2020, 12:43am

Hi,

I’m struggling a bit with a rule here - I have added it below (the when clause),

when
    $message.gl2_remote_ip == to_ip("192.168.2.6")
    OR to_string($message.gl2_remote_ip) == "192.168.2.6"

What’s confusing me is … when a message arrives, and gl2_remote_ip is matching (192.168.2.6) … the second check does work, but not the first. Does this make sense?

Thanks!

MajesticCo · May 21, 2020, 12:32pm

Hey,

The reason the first check is failing is because gl2_remote_ip isn’t actually stored as an IP address, rather it’s stored as a keyword/string. If you want to compare it to an ip object you need to convert it to an IP too: https://docs.graylog.org/en/3.2/pages/pipelines/rules.html

“… Note the call to to_ip around the gl2_remote_ip field reference. This is necessary since the field is stored as a string internally…”

arrmo · May 21, 2020, 12:49pm

Well, now that makes sense … LOL! So the second condition, no reason to need / use to_string(), right?

Thanks!

system · June 4, 2020, 12:49pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue with gl2_remote_ip Graylog Central (peer support) pipeline-rules , debuggingpl	4	3041	February 27, 2018
How to use gl2_remote_ip in Stream-Rule Graylog Central (peer support) pipeline-rules	5	3909	November 30, 2017
FIlter IP range in Pipeline Graylog Tech Challenges pipeline-rules , debuggingpl	6	1544	July 26, 2021
Pipeline rules problem Graylog Central (peer support) pipeline-rules	4	870	March 10, 2022
Use the API to query for the source IP (g2_remote_ip) over a specified timeframe Graylog Central (peer support)	2	479	September 23, 2019

IP Address Check / Match

Related Topics