Hey @joseraeiro
Short answer is yes. I get by with pipelines but @tmacgbay is very good at it. I normally refer to his expertise on this issue.
Not 100% sure, but I believe a regex inside this pipeline may do the trick.
In the forum I found something like this.
rule "R-DeviceID Regex Replacement"
when
    has_field("R-DeviceID")
then
    let N_DeviceID = regex_replace("(\\d+)\\/(\\d+)\\/(\\d+)\\/(\\d+)\\:(\\d+)\\.(\\d+)\\.(\\d+)",to_string($message."R-DeviceID"),"$3-$4-$5-$6-$7",true);
    set_field("R-DeviceID", N_DeviceID);
end
Graylog has two that I see.
- regex_replace(pattern, value, replacement, [replace_all]) : String
- replace(value, search, [replacement], [max]) : String
NOTE: I found this example.
Sorry, this is out of my knowledge on modifying field data with a pipeline. Honestly, I fix it before it hits Graylog, and in some instances I used an extractor.