Hello,
I’m trying to parse a bitwise value from a Windows event log (values from this table) in Graylog 5.2.12 (upgrade to 6.1 is planned before the end of the year).
I’d like to get something like this:
- 0x00001 = R
- 0x00003 = RW
- 0x10007 = RWXD
The end goal is to display this value in alerts generated by Graylog.
However, I’m unable to find a way to parse this value. Lookup tables (e.g. with CSV) seem to only be usable for exact matches. Pipelines don’t seem to support bitwise operators, or even a simple if() (but I may have missed something; I’m having trouble finding good documentation about the pipeline rules’ language. It looks like JavaScript but is sadly not JavaScript).
Any idea how I can work with these bitwise values?
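
An added example, not part of the original post: because a CSV lookup table matches exact keys only, one workaround is to generate a row for every combination of the flags, so that each possible mask is an exact match. The bit assignments are assumptions inferred from the three examples in the post, and the column names `mask` and `rights` and the key format are hypothetical; all three must be matched to the real table and to how the field appears in the event.

```python
"""Expand a bitwise access mask into every exact-match row a CSV lookup needs."""
import csv
import io
from itertools import combinations

# Assumed bit assignments, inferred from the three examples in the post
# (0x1 = R, 0x3 = RW, 0x10007 = RWXD); check them against the real table.
FLAGS = [(0x00001, "R"), (0x00002, "W"), (0x00004, "X"), (0x10000, "D")]
KNOWN_BITS = sum(bit for bit, _ in FLAGS)


def decode(mask: int) -> str:
    """Return the letters for all known bits set in mask. Unknown bits are
    reported as a hex remainder so they are never silently dropped."""
    letters = "".join(letter for bit, letter in FLAGS if mask & bit)
    unknown = mask & ~KNOWN_BITS
    if unknown:
        letters += f"+0x{unknown:x}"
    return letters or "-"


def lookup_rows(key_format: str = "0x{:x}"):
    """Yield (key, value) for every non-empty combination of known flags.
    key_format is an assumption: it must reproduce the field's exact text,
    e.g. "0x{:05x}" if the event shows zero-padded values."""
    for size in range(1, len(FLAGS) + 1):
        for combo in combinations(FLAGS, size):
            mask = sum(bit for bit, _ in combo)
            yield key_format.format(mask), decode(mask)


def build_csv(key_format: str = "0x{:x}") -> str:
    """Render the rows as a quoted CSV with a header line, sorted by mask."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["mask", "rights"])  # hypothetical column names
    rows = sorted(lookup_rows(key_format), key=lambda row: int(row[0], 16))
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(build_csv(), end="")
```

With four flags this yields 15 rows; the row count doubles with each additional flag, so the approach stays practical only for a small set of bits. A mask containing a bit outside the assumed set will not match any row in the lookup.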