`with` rule block for one-time calculations and variable assignments

[coffee-squirrel]

Problem description

It might be useful to have a with (or using... whatever) block, alongside when and then, to do one-time calculations and variable assignments for a rule. The examples below show my attempt at mapping one value to another, and how I'd use a with block.

rule "Map a letter to a number (map creation in 'then' block)"
when
  grok("^%{TIMESTAMP_ISO8601:ts} [CEWID] ", to_string($message.message)).matches == true
then
  let result = grok("^%{TIMESTAMP_ISO8601:UNWANTED} %{DATA:severityLetter} ", to_string($message.message));
  let levelMap = key_value("C=2 E=3 W=4 I=6 D=7");
  set_field("my_severity", to_long(levelMap[to_string(result["severityLetter"])]));
end

rule "Map a letter to a number (map creation in 'using' block)"
with
  let levelMap = key_value("C=2 E=3 W=4 I=6 D=7");
when
  grok("^%{TIMESTAMP_ISO8601:ts} [CEWID] ", to_string($message.message)).matches == true
then
  let result = grok("^%{TIMESTAMP_ISO8601:UNWANTED} %{DATA:severityLetter} ", to_string($message.message));
  set_field("my_severity", to_long(levelMap[to_string(result["severityLetter"])]));
end

Environment

• Graylog Version: 2.1.1+01d50e5
• Pipeline Processor plugin version: 1.1.1 (no change from 2.1.1)

[kroepke]

In 2.2 we introduce dynamic code generation, which will precompute all constant expressions (including maps and arrays), automatically providing these kinds of optimizations without extra syntax.

[kroepke]

fixed in #129