Releases: billmurrin/graylog-plugin-slookup-function
SLookup 2.0.0 - Multiple Return Fields
I'm happy to announce version 2.0.0 of the Stream Lookup (SLookup) Pipeline Processor Function for Graylog 2.3.2 and 2.4.0.
This release adds the following features:
- Ability to specify multiple return fields on a lookup (#5)
```
rule "Log Enrichment - Descending"
when
    has_field("winlogbeat_computer_name")
then
    // StreamID, Source Field, Destination Field, Return Field(s), Relative Time, Sort Order (asc|desc)
    let system_info = slookup("5a5d8854315d00059dbea98f", "winlogbeat_computer_name", "computer_name", ["ip_address","operating_system","mac_address"], "300", "desc");
    set_field("ip_address", system_info[0]);
    set_field("operating_system", to_string(system_info[1]));
    set_field("mac_address", system_info[2]);
end
```
- Fixed escape issue with special Lucene characters (#6)
- The `rtnFields` parameter is now a List. If you have one return value, place it in brackets, e.g. `["ip_address"]`.
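To make the lookup semantics of the rule above concrete, here is an added Python model of what the function does (this is not the plugin's Java code): match the destination field against the source value inside a look-back window, sort the matches by timestamp, and return the requested fields from the first match. It assumes the relative time is a look-back window in seconds and that the first record after sorting is the one returned; the inventory records are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample "remote stream" of inventory messages (not real data).
REMOTE_STREAM = [
    {"timestamp": datetime(2018, 1, 16, 10, 0, 0), "computer_name": "ws01",
     "ip_address": "10.0.0.5", "operating_system": "Windows 10", "mac_address": "00:11:22:33:44:55"},
    {"timestamp": datetime(2018, 1, 16, 10, 3, 0), "computer_name": "ws01",
     "ip_address": "10.0.0.9", "operating_system": "Windows 10", "mac_address": "00:11:22:33:44:55"},
    {"timestamp": datetime(2018, 1, 16, 9, 0, 0), "computer_name": "ws02",
     "ip_address": "10.0.0.7", "operating_system": "Windows 7", "mac_address": "66:77:88:99:aa:bb"},
]


def slookup_model(stream, src_value, dst_field, rtn_fields, rel_time_s, sort_order, now):
    """Model of slookup(): records whose dst_field equals src_value and whose timestamp lies
    within the last rel_time_s seconds are sorted by timestamp ("asc" or "desc"); the values
    of rtn_fields from the first remaining record are returned as a list, or None if no match.
    Assumption: relative time is a look-back window in seconds (not taken from the plugin)."""
    if sort_order not in ("asc", "desc"):
        raise ValueError("sort_order must be 'asc' or 'desc'")
    if not isinstance(rtn_fields, list):  # since 2.0.0 the return fields are always a List
        raise TypeError("rtn_fields must be a list, e.g. ['ip_address']")
    cutoff = now - timedelta(seconds=rel_time_s)
    matches = [m for m in stream if m.get(dst_field) == src_value and m["timestamp"] >= cutoff]
    if not matches:
        return None
    matches.sort(key=lambda m: m["timestamp"], reverse=(sort_order == "desc"))
    return [matches[0].get(f) for f in rtn_fields]


def enrich(message, stream, now):
    """Mirror of the "Log Enrichment - Descending" rule: copy ip/os/mac from the newest
    inventory record for the message's winlogbeat_computer_name seen in the last 300 s."""
    if "winlogbeat_computer_name" not in message:
        return message
    info = slookup_model(stream, message["winlogbeat_computer_name"], "computer_name",
                         ["ip_address", "operating_system", "mac_address"], 300, "desc", now)
    if info is not None:
        message["ip_address"], message["operating_system"], message["mac_address"] = info
    return message
```

Switching the sort order to "asc" returns the oldest record in the window instead, which is the difference the v1.1.0 sort-order option exposes.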
If you encounter any difficulties, have feature requests, etc., please file an Issue
v1.1.0 SLookup Enhancement - Sort Order
This incremental release adds the ability to sort the return field by timestamp in either ascending or descending order (Issue #1). This feature comes in handy if you have multiple records being returned during the query. Please see the README for examples of the sort order in action.
Please report an Issue if you are having issues or would like to request a feature be added to SLookup. Mahalo!
v1.0.0 Initial Release of Graylog2 SLookup Pipeline Processor Function
I am proud to announce the initial release of the Graylog2 SLookup Pipeline Processor Function. The goal of the function is to return a field from a remote stream if the remote stream's destination field matches the value of the source field. A use case and example function are provided in the README. v1.0.0 was tested and is compatible with Graylog 2.2.1. It is unknown if the plugin is compatible with earlier versions.