Sometimes users might want to parse and merge the JSON payload of a message
with the Graylog message without knowing the complete structure of the payload
or without having a fixed structure which could be selectively merged by using
the json_path() method.
This commit essentially adds the possiblity to create a pipeline rule emulating
the existing JSON extractor:
rule "json"
when
// some condition
then
let json = parse_json(to_string($message.some_field));
set_fields(json);
end
Sometimes users might want to parse and merge the JSON payload of a message with the Graylog message without knowing the complete structure of the payload or without having a fixed structure which could be selectively merged by using the
json_path()method.This commit essentially adds the possiblity to create a pipeline rule emulating the existing JSON extractor:
Refs: https://community.graylog.org/t/parse-unknown-json-with-pipelines/3293/7