Issue with Key=Value Parser Pipeline for specific log-messages

shoothub · April 26, 2021, 2:27pm

Try to use this, I’ve added parameters to remove "{} from key and values. But, it’s not perfect, because of Country contains json.

rule "key_value_parser"
when
    has_field("Full_Response")
then
    set_fields(
        fields:
            key_value(
                value: to_string($message.Full_Response),
                delimiters:",",
                kv_delimiters:":",
                trim_key_chars:"\"",
                trim_value_chars: "\"{}")
            );
end

Topic		Replies	Views
Can Someone Help me Graylog Central (peer support) pipeline-rules	5	467	July 20, 2022
Key:value extractor Graylog Central (peer support) pipeline-rules	3	1271	November 5, 2020
Pipeline rule to extract key-value pair not working Graylog Central (peer support) pipeline-rules	20	2347	April 23, 2022
Key_value in pipelines vs key_value on "input extractors" Graylog Central (peer support)	0	1567	April 13, 2017
Graylog Extraktor with lookup table Graylog Central (peer support) pipeline-rules	14	2126	May 7, 2018

Issue with Key=Value Parser Pipeline for specific log-messages

Related topics