That sound interesting but for the moment, can I read and write from and to a message field?
On Thursday, 21 July 2016 11:43:30 UTC-4, Jochen Schalanda wrote: > > Hi Julio, > > currently that's not easily possible but we plan to introduce functions > for lookups in dictionaries or external sources in the message processing > pipelines (http://docs.graylog.org/en/2.0/pages/pipelines.html) in a > future version. > > Cheers, > Jochen > > On Thursday, 21 July 2016 17:19:48 UTC+2, [email protected] wrote: >> >> I'm trying to parse a field for my DHCP logs and I'm wondering if I can >> make an extractor which will do some sort of if else statement to fill a >> new field with a value depending on the content of another field. >> >> 00 The log was started. >> 01 The log was stopped. >> 02 The log was temporarily paused due to low disk space. >> 10 A new IP address was leased to a client. >> 11 A lease was renewed by a client. >> 12 A lease was released by a client. >> 13 An IP address was found to be in use on the network. >> 14 A lease request could not be satisfied because the scope's address >> pool was exhausted. >> 15 A lease was denied. >> 16 A lease was deleted. >> 17 A lease was expired and DNS records for an expired leases have not >> been deleted. >> 18 A lease was expired and DNS records were deleted. >> 20 A BOOTP address was leased to a client. >> 21 A dynamic BOOTP address was leased to a client. >> 22 A BOOTP request could not be satisfied because the scope's address >> pool for BOOTP was exhausted. >> 23 A BOOTP IP address was deleted after checking to see it was not in >> use. >> 24 IP address cleanup operation has began. >> 25 IP address cleanup statistics. >> 30 DNS update request to the named DNS server. >> 31 DNS update failed. >> 32 DNS update successful. >> 33 Packet dropped due to NAP policy. >> 34 DNS update request failed.as the DNS update request queue limit >> exceeded. >> 35 DNS update request failed. >> 50+ Codes above 50 are used for Rogue Server Detection information. >> >> So basically if the ID field if 32, I want to create and fill a field >> with "DNS update successful." and so on. >> How can I achieve this, preferably within a single extractor? >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/fa738941-1998-4ed7-a4ec-969deb232eee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
