Problems with greynoise pipeline

Hey everyone,

I’ve been trying to put to work a pipeline that integrates my fortigate logs (that come to graylog via syslog) with Greynoise, but unfortunetly it’s not working. It does not make any enrichment to my data.

So the following image shows the rule that I am using.

The lookup table is working properly, as i can do lookup tests and it works.

The logs that I am trying to enrich have the dstip field like we can see in the following image:


With all this configured, this is the pipeline config:

As we can see the logs are not being enrich, because the rule is not matching any logs. Is there anything that I’m missing in here?

Thank you in advance for any help you can provide!

You can successfully manually lookup that IP value in your lookup table?

So I figured it out, the order of the Message Processors was not correct I had the pipeline way up in the order and now it is like this:

|1|AWS Instance Name Lookup
|2|Message Filter Chain
|3|Stream Rule Processor
|4|Pipeline Processor
|5|GeoIP Resolver

1 Like