When Condition comparing against string

calamity · February 28, 2020, 11:11pm

For example when I do this

when
to_string($message.testfield) == “test”
then
set_field(“test”,“test2”);
end

Would the == part work or does the value “test” have to be acquired by another to_string and another field in the message?

shoothub · March 2, 2020, 12:52pm

Your example to compare string field with another string should work OK with ==
If you want to compare 2 string fields, it’s necessary to use to_string in both:
to_string($message.src_ip) == to_string($message.dst_ip)

Anyway, it’s better to first check, if field exists:
has_field("mnemonic") AND to_string($message.mnemonic) == "FILECPY"

https://docs.graylog.org/en/3.2/pages/pipelines/rules.html#conditions

system · March 16, 2020, 12:52pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Make search string with comparison of fields values (field1=field2) Graylog Central (peer support)	2	2680	July 6, 2017
Value comparision from different messages Graylog Central (peer support) key_value	3	759	April 29, 2022
Graylog comparison of two fields Graylog Central (peer support)	2	980	December 8, 2020
Pipeline comparison operators Graylog Central (peer support)	3	1691	June 21, 2018
Conditions question - is the value field a exact match of partial match Graylog Central (peer support)	1	440	August 30, 2019

When Condition comparing against string

Related Topics