Variables in pipelines

Hi,

I am new to Graylog and I have a use case where I need to compare event logs, and if the source IP is the same for the last 2 or 3 logs, I need to alert. Is it possible to do something like this in Graylog pipelines? I've set up streams/rules etc., but I am unable to find any functions matching this case.

Any help would be appreciated.
Thanks
S

@h.sreekant Comparing two fields can be done when you use the same data type, e.g. to_string($message.src_ip) == to_string($message.dst_ip) will compare the two strings and will become true on match. Comparing different data types evaluates to false.

You can also check pipeline rules documentation for more information.
https://docs.graylog.org/en/latest/pages/pipelines/rules.html

Hope this helps you.
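As an added illustration of the reply above (not code from the original post), a pipeline rule that applies the same-type comparison inside a single message, guarding with has_field so that messages lacking either field are skipped rather than silently evaluating to false; the field names src_ip and dst_ip and the flag field same_src_dst are assumed:

```graylog
// Added example: mark messages whose source and destination IP fields are identical.
// Both sides are converted to strings first, since comparing different data types is false.
rule "flag source equal to destination"
when
    has_field("src_ip") && has_field("dst_ip") &&
    to_string($message.src_ip) == to_string($message.dst_ip)
then
    // assumed flag field; an event definition or stream rule can then alert on it
    set_field("same_src_dst", true);
end
```

Note that a rule like this sees one message at a time, so it covers the field comparison in the reply, not a comparison across the last two or three messages.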
