New Pipeline rule to copy value and recreate with new name

I am currently pulling pfSense logs into Graylog and want to interface it with Grafana. I have the datasource set up, but it won't pull any data because it's looking for the value src_ip and not SourceIP, which is how Graylog is seeing it. I've already set up the rule for converting the UTC timestamp into real_timestamp, but cannot figure out the rule for converting SourceIP to src_ip, or copying that field data into a new field.

You can do it with extractors or with a pipeline.

I'm aware that I CAN do it, I'm just having trouble doing it. I could use assistance on the Pipeline rule to add this.

Oh, in this case, do whatever you want, wherever you want.
Please share information, and we can do something with it. Without it, what would you like?
Without information we can't find a mistype or a logical error.

I am looking to fix this rule, which is currently not working, to copy the sourceip value and put it in the src_ip field.

rule "set_source_ip"
when
    has_field("sourceip")
then
    set_field("src_ip", "sourceip");
end

If you check the Graylog docs, do you see any difference between your field usage and the docs'?

http://docs.graylog.org/en/2.4/pages/pipelines/rules.html
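For reference, an added example that is not part of the original thread: a pipeline rule that copies the field's value rather than a literal string. It assumes the field is named SourceIP, as the first post says Graylog shows it; has_field() and $message lookups are case-sensitive, so use the exact name visible on the message. The rule name is made up for illustration.

```graylog
rule "copy_SourceIP_to_src_ip"
when
    // Assumption: the field is stored as "SourceIP" (exact case matters).
    // Skip messages that already carry src_ip so an existing value is not overwritten.
    has_field("SourceIP") && !has_field("src_ip")
then
    // A quoted "SourceIP" is a string literal and would be stored as the text SourceIP.
    // $message.SourceIP reads the value of that field from the current message.
    set_field("src_ip", to_string($message.SourceIP));
end
```

The rule only runs once it is added to a stage of a pipeline connected to the stream carrying the pfSense messages.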
