Pipeline rule to generate a Object field with obtained IPs (multi_value) for a QNAME, from a DNS LookUp Table

tmacgbay · April 15, 2020, 2:17pm

Spent too long on this, here is what I came up with:

let lookup_IPs_json = parse_json(to_string(lookup("DNS_QNAME_IP", to_string(message.QNAME))));
debug(concat("Initial json: ", to_string(lookup_IPs_json)));

let the_ips = select_jsonpath(json: lookup_IPs_json, paths: { QNAME_IP: "$['string list value']" });
debug(concat("Set to fields: ", to_string(the_ips)));

set_fields(the_ips);

Topic		Replies	Views
Pipeline rule, multiple values using regex function, only possible to return value ["0"] Graylog Central (peer support) pipeline-rules , debuggingpl	2	2234	April 27, 2020
Pipeline hangup Graylog Central (peer support)	4	488	August 2, 2022
Parsing pipeline ["values"] from multi-value result Graylog Central (peer support)	4	1122	February 8, 2018
Pipeline value to extract Graylog Central (peer support) pipeline-rules	5	518	November 22, 2023
Search at json object field Graylog Central (peer support) pipeline-rules	6	4309	April 15, 2020

Pipeline rule to generate a Object field with obtained IPs (multi_value) for a QNAME, from a DNS LookUp Table

Related topics