Pipeline - Create field with value from another field

Hey guys

i have a message on graylog (Graylog 3.1.3+cda805f), i used a content pack and the message now contains 3 fields:

level
6
message
device=“SFW” date=2020-01-02 time=18:15:34 sent_bytes=75534376 recv_bytes=2848799791
source
SFW

I need to create a new numeric field for the recv_bytes and i would like to convert this value in MB…

I was able to create a extractor but the field type in that case is string…this is the pipeline rule that i created, the field raw_recv_bytes was created with extractor:
1:

rule “XG recv_bytes”
when
to_string($message.source) == “SFW”
then
set_fields(
grok(
pattern: “fw_recv_bytes=%{Long:NUMBER}”,
value: to_string($message.raw_recv_bytes),
only_named_captures: true
)
);
end

2:

rule “XG recv_bytes”
when
to_string($message.source) == “SFW”
then
set_field(“fw_recv_bytes”,$message.raw_recv_bytes);
end

Anyone can help?

Thanks

(with formatting to make it easier to read…)

set_field("fw_recv_MB", to_long($message.raw_recv_bytes) / 1073741824);

Hi @tmacgbay

I just changed

"

To “1048576” because the source was in bytes and it works like a charm

Thanks for your help

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.