Maciej Thank jou. Now I see, I was searching for these solutions to, but now we store the incomming messages fully, and do the regex on all the data in "complete messages"
It is quit a hussle to get it done but it works here. A. On Monday, February 23, 2015 at 9:07:47 AM UTC+1, Maciej Strömich wrote: > > Arie, > > I need to place several fentries in "Field" and not in "Value". Something > like: > > > <https://lh5.googleusercontent.com/-euR-_NE7cD4/VOrfZM9aJOI/AAAAAAAAAxA/Vp5LzcP0X2M/s1600/Screen%2BShot%2B2015-02-23%2Bat%2B09.05.26.png> > > > As I said we have several places where this string can be found > (depending if it's a trace or standard log) and want to catch all of them. > But as far as I see the fastest way is to change logging in our app. > > On Sunday, February 22, 2015 at 1:37:15 PM UTC+1, Arie wrote: >> >> A I sing this wrong, and is this not what he is asking for? >> >> <https://lh3.googleusercontent.com/-NXlbaRKtFns/VOnNPLIxc2I/AAAAAAAAAAM/UjRfElbg814/s1600/stream-field.png> >> >> A. >> >> >> Op vrijdag 20 februari 2015 16:30:37 UTC+1 schreef Bernd Ahlers: >>> >>> Maciek, >>> >>> a regex match for a field value is not possible at the moment, sorry. >>> >>> Bernd >>> >>> On 20 February 2015 at 16:13, Arie <[email protected]> wrote: >>> > At leas in 09.3 you can >>> > >>> > Create a stream rule, and the first possibility on top is the field, >>> > after that select regex >>> > and in that you put (cvp) >>> > >>> > >>> > >>> > >>> > On Friday, February 20, 2015 at 3:51:51 PM UTC+1, Maciej Strömich >>> wrote: >>> >> >>> >> Hi, >>> >> >>> >> >>> >> I'm trying to create a stream which will catch log entries >>> containging >>> >> "cvp" string. It's not a problem if there's only one field which >>> needs to be >>> >> checked. I've several places where this value can be found and I'm >>> wondering >>> >> is it possible to use a regex inside a "Field" input. AFAIK seperate >>> stream >>> >> rules will use AND and not OR to match messages. >>> >> >>> >> I've tried so far: >>> >> >>> >> (?:url|message) >>> >> [url|message] >>> >> url||message >>> >> >>> >> Is this even possible? >>> >> >>> >> br, >>> >> Maciek >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "graylog2" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to [email protected]. >>> > For more options, visit https://groups.google.com/d/optout. >>> >>> >>> >>> -- >>> Developer >>> >>> Tel.: +49 (0)40 609 452 077 >>> Fax.: +49 (0)40 609 452 078 >>> >>> TORCH GmbH - A Graylog company >>> Steckelhörn 11 >>> 20457 Hamburg >>> Germany >>> >>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>> Geschäftsführer: Lennart Koopmann (CEO) >>> >> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
