I’m new to Graylog, and created a data adapter to specify that I want a CSV file to be interpreted, with key/values for the device hostnames, respectively. I did add the path of my CSV file, but for some reason it says it’s not valid even though I double checked the directory of my CSV file (it’s on my local desktop, any advice for this would be appreciated). I know I need to create the cache, and then use both of these to populate the Data Lookup Table.
So I want the IP address to be added to the various fields as part of the metadata that’s generated for each signature count, so if there’s field values like “source port, destination port, timestamp,” I also want there to be an addition for “hostnames,” with the name of the device.
I know this may involve working with pipelining or extractors or grok to be able to parse the data from the Data Lookup Table to get into the message stream, but I’m not sure where to get started when I get to this step. Any advice would be appreciated.
If you’re just trying to add Hostname or IP when one or the other shows up, have you looked at using the DNS/rDNS adapters instead? That’s what I did as it was simpler with my setup than trying to extract a CSV to import.
When I did initially test with a CSV I used the HTTP DSV adapter instead of the local file as that was easier for me to do than pushing a CSV to a Docker volume.
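For the pipeline step asked about in the question, a minimal rule that enriches messages from a lookup table is sketched below as an added example; it is not from either poster. The lookup table name `device-hostnames`, the message field `src_ip`, and the CSV rows are assumptions made for illustration, and the CSV is assumed to sit at a path the Graylog server process itself can read.

```graylog
// Constructed CSV backing the data adapter
// (key column "ip", value column "hostname"):
//   "ip","hostname"
//   "192.0.2.10","fw-edge-01"
//   "192.0.2.20","sw-core-02"

rule "add device hostname from lookup table"
when
  // Only act on messages that carry the (assumed) IP field
  has_field("src_ip")
then
  // lookup_value returns the third argument when the key is not in the table,
  // so messages from unlisted devices are still tagged and easy to search for
  let device = lookup_value("device-hostnames", to_string($message.src_ip), "unknown");
  set_field("hostnames", device);
end
```

Attach the rule to a pipeline stage connected to the stream that receives the messages; searching for `hostnames:unknown` then shows which devices are missing from the CSV.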