Pipelines key value

Graylog Central (peer support)
,
1

How i can do key value from syslog???

i try

rule “convert level to severity”
when
has_field(“level”)
then
let result = to_string($message.level);
let levelMap = key_value(“0=EMER 1=ALERT 2=CRIT 3=ERROR 4=WARNING 5=NOTICE 6=INFO 7=DEBUG”);
set_field(“level”, to_long(levelMap[to_string(result)]));
end

But this no work…

help please how i can do custom convert log level numbers to severity…

2

there is a function specific to what you are trying to do:
https://docs.graylog.org/en/latest/pages/pipelines/functions.html#syslog-level
:

3

No, i need custom names, in this function use long names as “informational” i need “INFO” and etc

4

In that case, create a lookup table
https://docs.graylog.org/en/latest/pages/lookuptables.html

5

don’t understand how lookup tables help me in this question
i need replace value and put in elasticsearch

6

A do this!!!

rule "convert level to severity"
when
    has_field("level")
then
    let levelMap = key_value("0=EMERGENCY 1=ALERT 2=CRITICAL 3=ERROR 4=WARNING 5=NOTICE 6=INFO 7=DEBUG");
    set_field("level", to_string(levelMap[to_string($message.level)]));
end

It WORKS! Thx all, post closed

2 Likes
7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.