Ok thank you for the info!
Made multiple replace with regex extractors for now. Works well but kinda
tedious to do.
Will likely make a content pack to save others the trouble ;)
On Thursday, 21 July 2016 18:12:40 UTC-4, Jochen Schalanda wrote:
>
> Hi Julio,
>
> you'll have to create multiple ru
Hi Julio,
you'll have to create multiple rules for this at the moment.
Cheers,
Jochen
On Thursday, 21 July 2016 18:39:25 UTC+2, juli...@gmail.com wrote:
>
> Did come out with this:
>
> rule "Add ID Meaning"
>> when
>> has_field("ID") && contains(to_string($message.ID), "11")
>> then
>> s
Did come out with this:
rule "Add ID Meaning"
> when
> has_field("ID") && contains(to_string($message.ID), "11")
> then
> set_field("ID_Description", "A lease was renewed by a client.");
> end
Can I have multiple when/then clauses in the same rule?
--
You received this message because
That sound interesting but for the moment, can I read and write from and to
a message field?
On Thursday, 21 July 2016 11:43:30 UTC-4, Jochen Schalanda wrote:
>
> Hi Julio,
>
> currently that's not easily possible but we plan to introduce functions
> for lookups in dictionaries or external sour
Hi Julio,
currently that's not easily possible but we plan to introduce functions for
lookups in dictionaries or external sources in the message processing
pipelines (http://docs.graylog.org/en/2.0/pages/pipelines.html) in a future
version.
Cheers,
Jochen
On Thursday, 21 July 2016 17:19:48 UT
