I don’t manage to check if a value is included in a List.
I get a List from the split function:
let my_list = split(";", “admin;root;toto;foo”);
Then I want to check if a value is contained in this list but I don’t find any function to do it.
And I think it’s not possible to do a for loop to walk through the list.
Graylog’s version is 3.3.8.
I have a HTTP JSONPath lookup.
I request this lookup in a pipeline rule with the lookup() function:
let value = lookup("my_lookup", "some_key");
The returned value is a list of values split by “;” (admin;toto;root;administrator…).
Then I want to check if a field’s value is included in this list.
For example I want to check if the value of the field “user” of a log is included in this list.
I’ve found the split() function to create a list from the string.
let my_list = split(";", “admin;root;toto;foo”);
But I don’t know how to check if the “user” field is included in this list.
The First solution I’ve though is a function which checks if the value is included in a list.
For example:
let in_list = is_value_in_list($message.user, my_list)
But I didn’t find any function like that.
If the function doesn’t exist I could resolve my problem with an algorithm like that:
in_list = False
for item in my_list:
if $message.user == item:
in_list = True
set_field("user_in_list", True)
But I don’t know if we can do something like that in a pipeline rule.
Actually my solution is to use the contains() function:
contains(“admin;toto;root;foobar”, $message.user)
It works but it can lead to false positive.
For example: