right now I’m fighting a little with the pipeline rules syntax and have the feeling it is to limited for the field manipulations I need to do.
I can’t influence the log-file format I need to process and some messages need some string processing to create useful fields.
With a ‘complete’ language like jruby I could do this in a heartbeat.
With the rules syntax I’m now forced to do this with java.
This is unfortunately not a good option, because the admins that manage the graylog servers are not java programmers.
I’ve already poked around a little in the graylog code and think this is doable with reasonable effort. I’m also willing to do a POC, but want to hear first, if there is an interest in this feature.