Replacing UID with Username

gsmith · August 26, 2022, 10:02pm

Thanks @tmacgbay this worked very good, had to share

rule "Graylog Web Access User Convert"
when
    contains(to_string($message.message),"UID=")
then   
    let robin = to_string($message.message);
   
    let batman = replace(robin, "1914600003", "cat.women");
    let batman = replace(robin, "100100110010011001001",    "tad.sherrill");
    let batman = replace(robin, "987324e32874ff32892b2829", "gsmith");

   // changed the number of digits count to be required between 6 and 10   {6,10}
    let batman = regex_replace("(?<=UID\\=)(?>\\d{6,10})",robin,"USER_NOT_FOUND",false);

    set_field("message",batman);
end

Topic		Replies	Views
Replacing UID with Username using lookup table Graylog Central (peer support) pipeline-rules	19	1134	April 28, 2022
Replace sensitive information Graylog Central (peer support) pipeline-rules	6	474	May 23, 2023
Having an issue with graylog rule Graylog Central (peer support) pipeline-rules	33	510	March 24, 2023
Regex Pipeline assistance needed Graylog Central (peer support)	1	278	October 4, 2019
Replace string in field with pipeline rule Graylog Central (peer support) pipeline-rules	9	6292	April 26, 2019

Replacing UID with Username

Related Topics