Pipeline Rule Builder - how to use input from on field, add domain to the input, and store as a new field

fvr_flho · June 14, 2024, 11:31am

Hi

I have log, where I will receive a field with a workstationname without domainname. As I want this to be a FQDN I want to create a new field with the workstation name + “mydomain.local”

I figured out the following souce code:

let new_field_value = concat(to_string($message.winlogbeat_winlog_event_data_Workstation), “.mydomain.local”);
set_field(“SourceFQDN”, new_field_value);

But how to do in the rule builder?

Best regards
/F

fvr_flho · June 28, 2024, 7:54am

bump - still hoping for someone

system · July 12, 2024, 7:54am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipelines not working Graylog Central (peer support) pipeline-rules	2	453	May 10, 2022
Pipeline rules problem concatenating existing fields into a new field Graylog Central (peer support) pipeline-rules	3	1487	April 22, 2020
Questions regarding pipeline processing / change field value of message Graylog Central (peer support)	3	3053	November 27, 2017
Creating new fields in pipeline Graylog Central (peer support) pipeline-rules , route-to-streampl	4	2205	May 28, 2019
Pipelines for create new fields Graylog Central (peer support) pipeline-rules	4	285	July 18, 2024

Pipeline Rule Builder - how to use input from on field, add domain to the input, and store as a new field

Related topics