Rudimentary built in programming

Does anyone know how to create a rule that distinguishes between `,vmx1,` and `,vmx1.703,` (these are an interface name and an interface name + VLAN number)?

Why does the “then” clause not allow nested “when” conditions?

Is there documentation of what I can and cannot do when writing rule conditions?

There is a free training course: Log Ingestion.

The idea of pipeline rules is that you run multiple rules over multiple stages rather than allowing if statements in the single rule.

A combination of regex and NOT in your when statement should allow you to split those up.
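To make the "regex plus NOT" idea concrete, here is an added example (my own code, not from the original thread or from Graylog). It models the two-stage split in Python so the regexes can be checked offline before they are pasted into pipeline rule `when` clauses: stage 1 matches `interface.vlan`, stage 2 matches a plain interface only when no `interface.vlan` token is present. The pattern is the `[A-Za-z0-9]+(.[0-9]+)?` one from the thread, anchored on the surrounding commas and with the dot escaped; the unescaped variant is kept alongside it to show why the escape matters. The sample log lines are constructed, and the field layout (`src=...,interface,direction`) is an assumption.

```python
import re

# Constructed sample lines (assumed layout: src=<ip>,<interface>,<direction>).
# Line 3 uses "-" instead of "." so the unescaped-dot bug becomes visible.
SAMPLE_LINES = [
    "src=10.0.0.1,vmx1,in",
    "src=10.0.0.1,vmx1.703,in",
    "src=10.0.0.1,vmx1-703,in",
]

# The thread's pattern with the dot escaped ("\." is a literal dot) and
# anchored on the commas so it cannot latch onto another alphanumeric token.
INTERFACE_RE = re.compile(r",(?P<iface>[A-Za-z0-9]+)(?:\.(?P<vlan>[0-9]+))?,")

# Same pattern with the dot left unescaped, as posted: "." matches ANY character.
INTERFACE_UNESCAPED_RE = re.compile(r",(?P<iface>[A-Za-z0-9]+)(?:.(?P<vlan>[0-9]+))?,")

# Stage-1 condition: the message carries an interface.vlan token.
SUBIF_RE = re.compile(r",[A-Za-z0-9]+\.[0-9]+,")


def parse_interface(line: str, pattern: re.Pattern = INTERFACE_RE):
    """Extract interface and optional VLAN; None when the line has neither."""
    m = pattern.search(line)
    if m is None:
        return None
    vlan = m.group("vlan")
    return {"interface": m.group("iface"), "vlan": int(vlan) if vlan else None}


def is_subinterface(line: str) -> bool:
    """Equivalent of a stage-1 'when': regex(...).matches == true."""
    return SUBIF_RE.search(line) is not None


def is_plain_interface(line: str) -> bool:
    """Equivalent of a stage-2 'when': interface regex matches AND NOT the
    sub-interface regex. The NOT keeps stage 2 from re-processing lines that
    stage 1 already claimed."""
    return INTERFACE_RE.search(line) is not None and not is_subinterface(line)


def route(line: str) -> str:
    """Name the stage a line would land in; 'drop' if no rule applies."""
    if is_subinterface(line):
        return "stage1_subinterface"
    if is_plain_interface(line):
        return "stage2_plain_interface"
    return "drop"


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line, "->", route(line), parse_interface(line))
    # The unescaped pattern wrongly reads "vmx1-703" as interface vmx1, VLAN 703:
    print(parse_interface(SAMPLE_LINES[2], INTERFACE_UNESCAPED_RE))
```

The same two conditions translate directly into two rules in different pipeline stages: the stage-1 rule checks the sub-interface regex, the stage-2 rule checks the interface regex together with a negated sub-interface regex, which is what avoids needing an if/else inside one rule.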

I need a finite state machine algorithm to implement. How may I do it with these videos?

Is it possible to create custom grok patterns in GrayLog? AI says yes, but it doesn’t work the way it describes.

Unless you post the AI’s answer, nobody can tell what’s wrong with it.

Here is a link to our docs: Functions Descriptions

GROK1 claims that if I want to create this pattern:

INTERFACE [A-Za-z0-9]+(.[0-9]+)?

I need to create a file /etc/graylog/server/grok-patterns/custom with the line above, make it owned by graylog with access mask 644. Then edit the /etc/graylog/server/server.conf file and add the line “grok_patterns_path = /etc/graylog/server/grok-patterns/”. Restart the graylog-server service and now I may use the INTERFACE pattern to parse messages.

That does not work.

No, that does not work. We do not state anything like that in our docs, by the way. Please spend some more time reading the docs and familiarise yourself with it. It seems that in the long run, you might save time by doing so instead of trying to chase down what AI has wrong.

To create your pattern, go into the User Interface, System->Grok Patterns->press the “Create pattern” button.


Can you please clarify/give more info on your use case? What are you trying to achieve?

I want to create a log parser that analyses incoming strings and parses them character by character, making on-the-fly decisions about what every character is and what value it might be part of.

Trying not to multiply threads: is it possible to apply a pipeline rule to all unprocessed messages in the index?

OK, I know the answer myself: with standard GrayLog functionality – NO.