Hi Julio, currently that's not easily possible but we plan to introduce functions for lookups in dictionaries or external sources in the message processing pipelines (http://docs.graylog.org/en/2.0/pages/pipelines.html) in a future version.
Cheers,
Jochen

On Thursday, 21 July 2016 17:19:48 UTC+2, [email protected] wrote:
>
> I'm trying to parse a field for my DHCP logs and I'm wondering if I can make an extractor which will do some sort of if else statement to fill a new field with a value depending on the content of another field.
>
> 00 The log was started.
> 01 The log was stopped.
> 02 The log was temporarily paused due to low disk space.
> 10 A new IP address was leased to a client.
> 11 A lease was renewed by a client.
> 12 A lease was released by a client.
> 13 An IP address was found to be in use on the network.
> 14 A lease request could not be satisfied because the scope's address pool was exhausted.
> 15 A lease was denied.
> 16 A lease was deleted.
> 17 A lease was expired and DNS records for an expired leases have not been deleted.
> 18 A lease was expired and DNS records were deleted.
> 20 A BOOTP address was leased to a client.
> 21 A dynamic BOOTP address was leased to a client.
> 22 A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted.
> 23 A BOOTP IP address was deleted after checking to see it was not in use.
> 24 IP address cleanup operation has began.
> 25 IP address cleanup statistics.
> 30 DNS update request to the named DNS server.
> 31 DNS update failed.
> 32 DNS update successful.
> 33 Packet dropped due to NAP policy.
> 34 DNS update request failed.as the DNS update request queue limit exceeded.
> 35 DNS update request failed.
> 50+ Codes above 50 are used for Rogue Server Detection information.
>
> So basically if the ID field is 32, I want to create and fill a field with "DNS update successful." and so on.
> How can I achieve this, preferably within a single extractor?
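As an added example (not part of the original thread and not Graylog code): the ID-to-description mapping asked about above, done in Python as a preprocessing step before messages reach Graylog. The legend is a constructed excerpt of the list in the post, the field name `dhcp_event_description` is hypothetical, and reading `50+` as "50 and higher" is an assumption.

```python
import re

# Constructed sample: a few entries from the code list quoted in the post,
# including one wrapped across two lines the way mail clients wrap text.
LEGEND = """\
00 The log was started.
14 A lease request could not be satisfied because the scope's address
pool was exhausted.
15 A lease was denied.
32 DNS update successful.
50+ Codes above 50 are used for Rogue Server Detection information.
"""

ENTRY = re.compile(r"^(\d+)(\+?)\s+(.+)$")

def parse_legend(text):
    """Return (exact, open_ended): {code: text} and [(min_code, text)]."""
    entries = []  # each item: [code, is_open_ended, description]
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([int(m.group(1)), bool(m.group(2)), m.group(3)])
        elif line and entries:
            entries[-1][2] += " " + line  # wrapped continuation line
    exact = {c: d for c, is_open, d in entries if not is_open}
    # Highest threshold first so the most specific open-ended range wins.
    open_ended = sorted(((c, d) for c, is_open, d in entries if is_open),
                        reverse=True)
    return exact, open_ended

def describe(event_id, exact, open_ended):
    """Map an ID such as "32", "00" or 55 to its description, else None."""
    try:
        code = int(str(event_id).strip())  # "00" and 0 are the same code
    except ValueError:
        return None                        # missing or non-numeric ID
    if code in exact:
        return exact[code]
    for minimum, desc in open_ended:       # assumption: "50+" means >= 50
        if code >= minimum:
            return desc
    return None

def enrich(fields, exact, open_ended, target="dhcp_event_description"):
    """Return a copy of the fields with the description added when known."""
    out = dict(fields)
    desc = describe(fields.get("ID"), exact, open_ended)
    if desc is not None:
        out[target] = desc                 # hypothetical target field name
    return out
```

Unknown or malformed IDs leave the message unchanged, so a code missing from the legend shows up as an absent field rather than a wrong description.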
