Hello! Can you advise? Can I use an extractor to find some value and, when this value exists, store some other value in a field? Example: if the value snmp exists in the message, store true in the field, to finally get -> (SNMP_FIELD: true)
I will be very grateful for your help!
Thank you! Exactly what is needed.
Can I use a pipeline after the extractor?
Example:
- Extractor adding new field SNMP
- Add pipeline:
rule "test"
when
  has_field("SNMP")
then
  set_field("SNMP", "true");
end
Yes, depending on what the order of message processors is. See System/Configurations in the Graylog web interface.
I am grateful to you for your help!