I'm running the appliance of 2.0-beta3 at home just to test things out and I'm running into an issue parsing a log that comes in an XML format using regex. They are single line messages and I'm passing them in using filebeat. I can't get a regex to match the tags in the message to allow me to parse out the information.
For example (using the message below), I was using the regex <ID>(.*)<\/ID> to try to parse out the ID field and i get no matches. I'm not the greatest at regex, but every tester I've tried matches the data in the ID field when using that pattern. I tried escaping all of the angle brackets and that didn't change the result. Trying to match directly on any particular string fails too. If I try using classes I get odd results like: ([[:graph:]]) or ([[:ascii:]]) i get a match on 'a'. ([[:alnum:]]) i get a match on 'n'. *Message:* <Event><ID>04f4f9f8-24db-4f30-bfa0-cf4197383ac1</ID><DateTime>2016-04-21T22:57:34.923</DateTime><Permit><Location><LocGuid>2a4ff629-31bb-48a9-b9a0-79249142b5c1</LocGuid></Location><LocEntry><EntryType>2</EntryType><EntryName>PimIndexMaintenanceSvc_50cca</EntryName><AutoExecFiles><AutoExecFile><AEFRawString>C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup</AEFRawString><AEFFile>C:\WINDOWS\system32\svchost.exe</AEFFile><AEFAttributes><AEFAttribute><AEFAttrSizeHigh>0</AEFAttrSizeHigh><AEFAttrSizeLow>43944</AEFAttrSizeLow><AEFAttrMD5>8497852ED44AFF902D502015792D315D</AEFAttrMD5></AEFAttribute></AEFAttributes></AutoExecFile></AutoExecFiles></LocEntry><Mode><ModeEnum>4</ModeEnum><AdminInstall /><InstallName>Google Updater UA - User - 04/21/16 - 3:59:02 pm</InstallName></Mode></Permit></Event> I know its probably something small I'm missing in my regex, but I'm at my wit's end with this one. Any suggestions? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f967b16d-6ed3-4a18-b9d6-cf4921938335%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
