HI all,
I`m actually failing in getting the syslog level (1…7) converted to the text (warning, debug, informational, etc.). All my ideas are just working in the search field but not in the views area. Unfortunately the views are the only place to put a custom message board.
I tried to use csv lookup: working but only in search area
I tried to use pipelines: working but only in search area
Is there a way to get the translated field into the views?
do you want to change the value permanent or just temporary for display (with decorators)?
Hi Jan,
both is okay…but as far as I know…the decorators only work in the search-tab. In search-tab …everything works. But I want to create a view, cause this seems to be the only place where I can use a custom message dashboard.
you did not share the Graylog version - in 3.2 decorators will be usable for your use case. In the current stable release you already seen that it is not possible with the decorators.
If you already have a processing pipeline for that, you can make the change permanent during processing - connect the pipeline to a stream where the messages are in.
Hi Jan,
I upgrade to version 3.2:
now the decorators (syslog level) are available in the dashboards, but they dont work for me (just in the search area again). 
My previously working pipelines also do not work (no fields are generated).
I use the following rules:
rule "sysloglevel"
when
has_field("level")
then
let sysloglevel=expand_syslog_priority_as_string($message.level);
set_field("sysloglevel",sysloglevel);
endHi Thomas,
can you be more specific why the decorators do not work for you in the dashboards?
I would at first go this line before starting to debug your pipeline rule, which looks good to me on first glance.
Hi Konrad,
I can successfully add the decorator into the search: 
Then I copy the table to the dashboard. The decorator is also activated in the dashboard, but the decorated field (severity) is now missing.
Hi Thomas,
I tried to reproduce this problem. I also copied the message table to the dashboard but I still get the decorated field. Could you please have a look into graylog server.log for any errors?
As an workaround, could you try to create the message table directly in the dashboard and create the decorator there.
But if you have problems with coping the message table with decorator, then we need to address that issue.
Thanks for your input!
Hi Konrad,
I did some additional testing and found the problem. I got confused when testing with multiple browser-windows (layer8 problem).
Result:
I can live with that little limitation. It just have to find a way to get the the copied message to another dashboard tab 
.
Thanks for your input!
Hi Thomas,
that is strange, this is also seems to be working for me.
Can you still take a look in the graylog server.log to see if you have any error message?
Unfortunately we do not support coping of widgets into other tabs right now. But will so in 3.3.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.