Which one to choose? Pipeline or Decorators or Logstash translate?

blason · September 19, 2018, 7:44am

Hi Graylog Team,

I need to use what called Dictionary feature in logstash for looking up a yaml file or CSV file and if match is found add new field in logs.

E.g.

“xyz.com”: “PHISHING”
“bad.com”: “APT”
“qaz.com”: “CVE-1234-1234”

and so on

Now my confusion is which method should I use to achieve the above stuff? I even need to create a dashboard and Alert notifications basis on those fields and decorators what I understood is - can not be used in Dashboards.

Hence can someone please suggest?

macko003 · September 19, 2018, 8:52am

Hi

You need the lookup feature of graylog.
First you need to config lookup, after set an extractor or pipeline to use it.
http://docs.graylog.org/en/2.4/pages/lookuptables.html
https://community.graylog.org/t/using-a-csv-lookup-table-within-a-pipeline/3707

//Decorators are only available in search and work in real time, so you can’t use it in alert and dashboard

system · October 3, 2018, 8:52am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Trouble getting Graylog decorators to work Graylog Central (peer support)	8	1913	March 8, 2018
Pipeline performance optimization and metrics Graylog Central (peer support) pipeline-rules , route-to-streampl , grok-patternspl , documentation , architecture	3	117	June 11, 2024
Lookup data from a static file? Graylog Add-ons	2	916	March 14, 2017
Graylog Extraktor with lookup table Graylog Central (peer support) pipeline-rules	14	2117	May 7, 2018
Logstash-gelf needs logstash installed? Graylog Add-ons	5	1422	August 22, 2018

Which one to choose? Pipeline or Decorators or Logstash translate?

Related Topics