Multi value field

In my journey to get something working for tagging logs I saw this post from @jan

He is talking about “array”, “multi value field”. How can I do this with Pipelines?

I tried all I can without success.

Thanks for the question! Let me take a guess here. I’m sure it’ll be followed up by several of our expert users in the community.

Graylog’s processing pipelines allow you to modify and manipulate log messages as they are received. You can create a multi-value field in Graylog, but you need to use the pipeline’s rules to split a single field into multiple fields using the split rule function. The split rule splits the field value by a specified delimiter (in this case, a comma). For example, let m = split(",\t", to_string($message.message));

Here’s an example from a community post:

I hope this helps.


Hello @dscryber

Yes, I can confirm that we can achieve this by using “split”

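  // myfield stands for the value to split, e.g. $message.<field name>
  let fields = split(",", to_string(myfield));
  // split() returns a list, so new_tags is stored as a multi-value field
  set_field("new_tags", fields);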

Thanks!


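Added example, not part of the original thread: the two-line snippet above placed in a complete pipeline rule, with a guard so messages lacking the source field are skipped. The field names `myfield` and `new_tags` come from the thread; the rule name and the space-tolerant pattern are assumptions made for illustration.

```graylog
rule "split myfield into multi-value new_tags"
when
  // Only run on messages that actually carry the source field
  has_field("myfield")
then
  // split() treats its first argument as a regular expression, so
  // " *, *" also drops spaces around each comma ("a, b,c" gives a, b, c)
  let fields = split(" *, *", to_string($message.myfield));

  // Storing the resulting list creates the multi-value field
  set_field("new_tags", fields);
end
```

The rule only takes effect once it is added to a stage of a pipeline that is connected to the stream carrying the messages.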