# Field Transformation

{% hint style="info" %}
See the changelog of this Action type [here](https://app.gitbook.com/s/IXj83By4f20oCrZZ0gyP/field-transformation).
{% endhint %}

## Overview

The Field Transformation action acts as a container that enables users to perform a wide range of operations on data, including encoding and decoding various types of encryption, format conversion, file compression and decompression, data structure analysis, and much more. The results are stored in new events fields.

In order to configure this action, you must first link it to a Listener or other Action. Go to [Building a Pipeline ](https://docs.onum.com/the-workspace/pipelines/building-a-pipeline)to learn how to link.

{% hint style="info" %}
**AI Action Assistant**

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in [this article](https://docs.onum.com/the-workspace/pipelines/building-a-pipeline/ai-assistant/ai-action-assistant).
{% endhint %}

## Ports

These are the input and output ports of this Action:

<details>

<summary>Input ports</summary>

* **Default port** - All the events to be processed by this Action enter through this port.

</details>

<details>

<summary>Output ports</summary>

* **Default port** - Events are sent through this port if no error occurs while processing them.
* **Error port** - Events are sent through this port if an error occurs while processing them.

</details>

## Configuration

{% stepper %}
{% step %}
Find **Field Transformation** in the **Actions** tab (under the **Transformation** group) and drag it onto the canvas.
{% endstep %}

{% step %}
To open the configuration, click the Action in the canvas and select **Configuration**.
{% endstep %}

{% step %}
Enter the required parameters:

<table><thead><tr><th width="177.1953125">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>Field to transform</strong><mark style="color:red;"><strong>*</strong></mark></td><td><p>Choose a field from the linked Listener/Action to transform in your Action using the drop-down. </p><p></p><p>Add as many fields as required using the <strong>Add New Field</strong> button.</p></td><td></td></tr><tr><td><strong>Operations</strong><mark style="color:red;"><strong>*</strong></mark></td><td><p><a href="field-transformation/field-transformation-operations">See a comprehensive list of all the available operations for this Action.</a> </p><p></p><p>Please bear in mind that the options available in this window will depend on the field to transform. </p><p></p><p>Add as many Operations as required using <strong>Add Operation.</strong> You can also use the arrow keys on your keyboard to navigate up and down the list.</p><p></p><p>If you have added more than one operation, you can reorder them by dragging and dropping them into position.</p></td><td></td></tr><tr><td><strong>Test your operation</strong></td><td><p>Before saving your action, you can test it to see the outcome.</p><p>Type a message in the <strong>Input</strong> field and see it transformed in the <strong>Output</strong> field after passing through the selected operation(s).</p></td><td></td></tr><tr><td><strong>Output field</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Give a name to the transformed field and click <strong>Save</strong> to complete.</td><td></td></tr></tbody></table>
{% endstep %}

{% step %}
Click **Save** to complete the process.
{% endstep %}
{% endstepper %}

<figure><picture><source srcset="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FofqC7rIw9Qq3tb36vMHS%2Ffield-tranformation-configuration-dark.png?alt=media&#x26;token=bc9bcac0-5a7a-499e-ad8e-727a725fea7c" media="(prefers-color-scheme: dark)"><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2Fa1EMzy5ndAB2qDYV5RE8%2Ffield-tranformation-configuration-light.png?alt=media&#x26;token=1e20806d-fe43-4ea4-a08d-b0ddb6a1f0a3" alt=""></picture><figcaption></figcaption></figure>

## Example

Here is an example of a data set on the Bytes in/out from IP addresses.

We can use the field transformation operations to reduce the quantity of data sent.

<figure><picture><source srcset="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FAk5S6A1gBzQbvBgFbrVU%2Fexample%20dark.png?alt=media&#x26;token=06f72ce9-b1f6-4e07-b5d1-8c06664d02e5" media="(prefers-color-scheme: dark)"><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2Fyl7KkOXkMZYrTm8aFR42%2Fexample%20light.png?alt=media&#x26;token=f81e63bc-452d-4338-ad3a-28c0bea03c93" alt=""></picture><figcaption></figcaption></figure>

We have a Syslog Listener, connected to a **Parser.**

<details>

<summary>Click if you need help configuring the Parser</summary>

Configure the parser as follows:

**Paste input:**

<pre><code><strong>518;650;192.168.70.224;60045;192.168.70.210;3871;server.example.com
</strong></code></pre>

This is the data in its raw format.

Select **Manual** in the parser drop-down, go to code mode using the button on the right, and paste this log:

```
{fieldName1:csv(separator=";", indices=[0:string(alias="BYTES_IN"),1:string(alias="BYTES_OUT"),2:string(alias="SOURCE_IP_ADDRESS"),3:string(alias="SOURCE_PORT"),4:string(alias="DESTINATION_IP_ADDRESS"),5:string(alias="DESTINATION_PORT"),6:string(alias="DESTINATION_HOST")], totalColumns=7)}
```

You have manually parsed the raw data into separate fields. This is reflected in the output field.

<img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2Fd7nEhTNr537iGI8DbWKz%2Fparser%20light%20.png?alt=media&#x26;token=21ccb0b6-f66f-4b7a-a232-7817fa744445" alt="" data-size="original">

</details>

Link the Parser to the **Field Transformation** action and open its configuration.

We will use the[ To IP Hex and CRC32 operations.](https://docs.onum.com/the-workspace/pipelines/actions/transformation/field-transformation/field-transformation-operations)

<table><thead><tr><th>Input</th><th>Output</th><th data-hidden></th></tr></thead><tbody><tr><td>DESTINATION_IP_ADDRESS: <code>192.168.70.210518</code></td><td>DestinationIPAddressHex: <code>c0.a8.46.d2.224</code></td><td></td></tr><tr><td>DESTINATION_HOST: <code>server.example.com</code></td><td><p>DestinationHostCRC32: </p><p><code>0876633F</code></p></td><td></td></tr></tbody></table>

#### Destination IP to Hex

Transform the Destination IP to hexadecimal to reduce the number of characters. &#x20;

| Original IP       | Hexadecimal     |
| ----------------- | --------------- |
| 192.168.70.210518 | c0.a8.46.d2.224 |

* **Field>Parser:** DESTINATION\_IP\_ADDRESS
* **Operation**: To IP Hex
* **Output Field**: DestinationIPAddessHex

**Add a new field for Destination Host to CRC32**

Codify the Destination Host as crc32 to transform the machine name into 8 characters.

| Original           | CRC32    |
| ------------------ | -------- |
| server.example.com | 0876633F |

* **Field>Parser:** DESTINATION\_HOST
* **Operation:** Crc32
* **Output field:** DestinationHostCrc32