Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
Hello everyone,
Microsoft 365 logs are sent from a collector to Graylog.
The logs arrive unformatted and the content of the “message” field is always in a different order. I would therefore have to create countless grok patterns.
An alternative is an Extracor. Here I get different fields with the corresponding value. The problem, however, is that I cannot rename the fields. The pipeline rule function “rename_field”, which I use for other streams, does not work here.
Translated with DeepL.com (free version)
2. Describe your environment:
-
OS Information: 6.0.1
-
Service logs, configurations, and environment variables:
Example of a log:
{“BrowserVersion”:“Value”,“UserType”:Value,“DeviceDisplayName”:“Value”,“RecordType”:Value,“Version”:Value,“Operation”:“Value”}
3. What steps have you already taken to try and solve the problem?
Various pipeline rules, Google
4. How can the community help?
Do any of you have an idea how to solve the problem?
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]