Pipelines key value

How can I do key value from syslog???

I tried:

rule "convert level to severity"
when
    has_field("level")
then
    let result = to_string($message.level);
    let levelMap = key_value("0=EMER 1=ALERT 2=CRIT 3=ERROR 4=WARNING 5=NOTICE 6=INFO 7=DEBUG");
    set_field("level", to_long(levelMap[to_string(result)]));
end

But this doesn't work…

Help please, how can I do a custom conversion of log level numbers to severity…

There is a function specific to what you are trying to do:
https://docs.graylog.org/en/latest/pages/pipelines/functions.html#syslog-level

No, I need custom names. This function uses long names such as "informational"; I need "INFO", etc.

In that case, create a lookup table
https://docs.graylog.org/en/latest/pages/lookuptables.html

I don't understand how lookup tables help me with this question.
I need to replace the value and put it in Elasticsearch.

I did this!!!

rule "convert level to severity"
when
    has_field("level")
then
    let levelMap = key_value("0=EMERGENCY 1=ALERT 2=CRITICAL 3=ERROR 4=WARNING 5=NOTICE 6=INFO 7=DEBUG");
    set_field("level", to_string(levelMap[to_string($message.level)]));
end

It WORKS! Thx all, post closed

2 Likes
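The lookup table route suggested earlier in the thread, as an added example that is not part of any post above: the mapping lives in a CSV-backed lookup table and the rule reads it with `lookup_value`, which also gives a default for values outside 0-7. The table name `syslog-severity`, the CSV column names, the output field `severity` and the `UNKNOWN` default are assumptions made for this example.

```graylog
// Assumed setup (System > Lookup Tables): a CSV File data adapter, a cache,
// and a lookup table named "syslog-severity" (hypothetical name) that uses both.
// Adapter settings: key column "level", value column "severity".
//
// Constructed CSV content for the adapter:
//   "level","severity"
//   "0","EMERGENCY"
//   "1","ALERT"
//   "2","CRITICAL"
//   "3","ERROR"
//   "4","WARNING"
//   "5","NOTICE"
//   "6","INFO"
//   "7","DEBUG"

rule "convert level to severity (lookup table)"
when
    has_field("level")
then
    // The CSV keys are strings, so the numeric level is converted before the lookup.
    // The third argument is returned when the key is not in the table,
    // e.g. a level of 8 or a non-numeric value sent by a misbehaving source.
    let name = lookup_value("syslog-severity", to_string($message.level), "UNKNOWN");

    // Written to a separate field (hypothetical name) so that "level"
    // keeps its original numeric value for range searches and alerts.
    set_field("severity", to_string(name));
end
```

Changing a name later means editing the CSV only; the rule itself stays untouched.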
