# Message Builder {% hint style="info" %} See the changelog of this Action type [here](/actions/message-builder.md). {% endhint %} ## Overview The **Message Builder** Action allows users to define new messages by combining different input fields.
{% hint style="warning" %} In order to configure this Action, you must first link it to a Listener. Go to [Building a Pipeline ](/the-workspace/pipelines/building-a-pipeline.md)to learn how to link. {% endhint %} {% hint style="info" %} **AI Action Assistant** This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in [this article](/the-workspace/pipelines/building-a-pipeline/ai-assistant/ai-action-assistant.md). {% endhint %} ## Ports These are the input and output ports of this Action:
Input ports * **Default port** - All the events to be processed by this Action enter through this port.
Output ports * **Default port** - Events are sent through this port if no error occurs while processing them. * **Error port** - Events are sent through this port if an error occurs while processing them.
## Configuration {% stepper %} {% step %} Find **Message Builder** in the **Actions** tab (under the **Formatting** group) and drag it onto the canvas. Link it to the required [Listener](https://docs.onum.com/the-workspace/listeners) and [Data sink](https://docs.onum.com/the-workspace/pipelines/data-sinks). {% endstep %} {% step %} To open the configuration, click the Action in the canvas and select **Configuration**. {% endstep %} {% step %} Enter the required parameters:
ParameterDescription
Fields*

This is where you specify the fields you wish to include in your message, color coded by type.

Fields beginning with _ are internal fields.

Destination Field Name*Give your message a name to identify it by in the end destination.
Output format*Choose how to send your message from the following formats: CSV, JSON, Key Value, Free Mode. See the tabs below for the settings specific to each one.
{% endstep %} {% step %} ### Save Click save when you have composed your message. {% endstep %} {% endstepper %} {% tabs %} {% tab title="CSV" %} To include a field in your message, drag it from the **Fields** area and drop it into the **Message** area**.** You can add a **Field** **Delimiter** to separate the fields in your message string. Choose between `:` , `,` , `|` , `;` .
This will generate an output CSV. {% endtab %} {% tab title="JSON" %} You can generate a JSON file. To include a field in your message, drag it from the **Fields** area and drop it into the **Message** area**.** This will automatically add the field value separated by : followed by the source action and field. A comma separates each JSON value. Click **New Register** to manually type the values and fields.
In JSON mode, when adding a **literal** **value** you may select the **JSON type** of that literal: string, number or boolean. Literals are a **string** type by default.
This will generate a JSON file. {% endtab %} {% tab title="Key-Value" %} Create a key-value file. To include a field in your message, drag it from the **Fields** area and drop it into the **Message** area**.** This will automatically add the field value separated by `:` followed by the source action and field. A `:`separates each key-value pair. To change the Value and Pair separators, use the drop-down menus and choose between `:` , `;` , and `|` Click **New Register** to manually type the values and fields.
{% endtab %} {% tab title="Free mode" %} To include a field in your message, drag it from the **Fields** area and drop it into the **Message** area**.** The expressions should be strings that, optionally, may contain field names. For example: ``` this is an example with the value: ${myField} ``` where `${myField}` will be replaced with the actual value in the event. The action provides the following features depending on the argument *delimiter behavior* and the given *delimiter* and *replacement* values: * `REPLACE`: replaces `delimiter` with `replacement` on each event field. * `DELETE`: deletes `delimiter` on each event field. * `QUOTE`: adds double quotes surrounding an event field if it contains `delimiter`. * `ESCAPE`: adds a backslash (`\`) before each `delimiter` on each event field. To select more than one at once, click a field in the **Fields** area and select the checkboxes next to the name, then select **Add fields.** {% endtab %} {% endtabs %} ## Example Let's say you have received raw data in JSON format and wish to extract the fields and format them as a CSV. {% stepper %} {% step %} ### Raw data ``` [ { "username": "user_1", "method": "POST", "endpoint": "breach log", "ip": "10.XXX.XX.XX", "description": "[Role] User performed an action on breach log", "viewport": [1920, 955], "usage": true }, { "username": "user_1", "method": "POST", "endpoint": "event log", "ip": "10.XXX.XX.XX", "description": "[Role] User performed an action on event log from breach log", "viewport": [1920, 955], "usage": true }, { "username": "service_user", "method": "POST", "endpoint": "/admin/age", "ip": "127.0.0.1", "status": 400 }, { "username": "user_2", "method": "POST", "endpoint": "/sso/login", "ip": "10.XXX.XX.XX", "status": 302 } ] ``` {% endstep %} {% step %} ### Parse the JSON Add a Parser to the canvas and extract the fields using the automatic parsing.
You have extracted the **endpoint, ip, method, status** and **username** into separate fields. {% endstep %} {% step %} ### Build the message Now use the **Message Builder** to create a CSV containing these fields as one message. Drag the following fields to the **Message** area: * method * description * object * endpoint * ip * status * username * port **Fields delimiter:** *,* **if delimiter matches:** *Put "" in quotes.* {% endstep %} {% endstepper %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/the-workspace/pipelines/actions/formatting/message-builder.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.