New field using Pipeline

Guys, good morning!

I am having difficulty creating a field or message by joining two fields I created using extractors. From what I’ve studied, the best way to create this would be with Pipeline.

Below is the example I created, but it did not work. Can anyone help me?

rule "Request Response"
has_field("$message.answer_0110") || has_field("$message.request_0100")
let msg = create_message();
let transacao=$message.request_0100;
let resposta=$message.response_0110;


I created these extractors from messages: request_0100 and response_0110.
I created the stream "test" that will receive messages with field finished.
On pipeline connections, would I set stream test or request_0100 and response_0110?
Stage default 1.

Am I wrong in anything?

Thanks all!

So, what is your target?

  1. create a new message with only the two fields
  2. create a field in the existing message that contains both?

Hi Jan, thanks for the reply!

So, I think the best option is “Create a new message with only the two fields”.

Can someone help me?

If you are looking for any kind of SLA / answer in time, please consider buying professional support. This is the community board where users try to help users - and in spare time Graylog developers try that too…

You might want to read the docs on the used function:

Hi Jan, sorry, but I'm not looking for any kind of SLA/answer. As you said, this is the community board where various users try to help.

I did not press you on an answer.

Sorry for the misunderstanding.

Be great!
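For readers who land on this thread, an added example (not posted by anyone in the thread and not taken from the Graylog docs) of a complete rule for the option chosen above, "create a new message with only the two fields". It assumes both extractor fields are present on the same incoming message, that a stream named "test" exists, and that the Pipeline Processor runs after the Message Filter Chain so the extractor fields are already set.

```graylog
rule "Request Response"
when
  // has_field takes the bare field name, not "$message.<name>"
  has_field("request_0100") && has_field("response_0110")
then
  // Build a new message whose text joins the two extracted values.
  // The " | " separator is an arbitrary choice for this example.
  let msg = create_message(
    message: concat(
      concat(to_string($message.request_0100), " | "),
      to_string($message.response_0110)
    ),
    source: to_string($message.source)
  );

  // Copy the two fields onto the new message only.
  set_field(field: "request_0100", value: $message.request_0100, message: msg);
  set_field(field: "response_0110", value: $message.response_0110, message: msg);

  // Send the new message to the "test" stream; the original message is left untouched.
  route_to_stream(name: "test", message: msg);
end
```

The pipeline holding this rule is connected to the stream where the original messages arrive, not to "test", because the rule has to see the messages that carry the extractor fields.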

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.