Ok thank you for the info! Made multiple replace with regex extractors for now. Works well but kinda tedious to do. Will likely make a content pack to save others the trouble ;)
On Thursday, 21 July 2016 18:12:40 UTC-4, Jochen Schalanda wrote: > > Hi Julio, > > you'll have to create multiple rules for this at the moment. > > Cheers, > Jochen > > On Thursday, 21 July 2016 18:39:25 UTC+2, [email protected] wrote: >> >> Did come out with this: >> >> rule "Add ID Meaning" >>> when >>> has_field("ID") && contains(to_string($message.ID), "11") >>> then >>> set_field("ID_Description", "A lease was renewed by a client."); >>> end >> >> >> Can I have multiple when/then clauses in the same rule? >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8f5764fe-832e-4cc3-9167-cb5180f304a7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
