Hi Julio, currently that's not easily possible but we plan to introduce functions for lookups in dictionaries or external sources in the message processing pipelines (http://docs.graylog.org/en/2.0/pages/pipelines.html) in a future version.
Cheers, Jochen On Thursday, 21 July 2016 17:19:48 UTC+2, juli...@gmail.com wrote: > > I'm trying to parse a field for my DHCP logs and I'm wondering if I can > make an extractor which will do some sort of if else statement to fill a > new field with a value depending on the content of another field. > > 00 The log was started. > 01 The log was stopped. > 02 The log was temporarily paused due to low disk space. > 10 A new IP address was leased to a client. > 11 A lease was renewed by a client. > 12 A lease was released by a client. > 13 An IP address was found to be in use on the network. > 14 A lease request could not be satisfied because the scope's address > pool was exhausted. > 15 A lease was denied. > 16 A lease was deleted. > 17 A lease was expired and DNS records for an expired leases have not > been deleted. > 18 A lease was expired and DNS records were deleted. > 20 A BOOTP address was leased to a client. > 21 A dynamic BOOTP address was leased to a client. > 22 A BOOTP request could not be satisfied because the scope's address > pool for BOOTP was exhausted. > 23 A BOOTP IP address was deleted after checking to see it was not in use. > 24 IP address cleanup operation has began. > 25 IP address cleanup statistics. > 30 DNS update request to the named DNS server. > 31 DNS update failed. > 32 DNS update successful. > 33 Packet dropped due to NAP policy. > 34 DNS update request failed.as the DNS update request queue limit > exceeded. > 35 DNS update request failed. > 50+ Codes above 50 are used for Rogue Server Detection information. > > So basically if the ID field if 32, I want to create and fill a field with > "DNS update successful." and so on. > How can I achieve this, preferably within a single extractor? > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/5619d1da-97de-4e92-806c-8ba96c2c0142%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
