Hi Chad,
if you're simply looking for "SomeProc" inside the "message" field, why not
use the contains() function? Why would that be more cumbersome?
Cheers,
Jochen
On Wednesday, 25 May 2016 23:18:20 UTC+2, Chad Sheets wrote:
>
> I'm attempting to drop messages according to regular expressions and was
> wondering if it can be done with pipelines.
>
> Looking at various other sources and reading the docs I came up with
> something like this:
>
> rule "drop via regex"
> when
> regex("^.+SomeProc"), to_string($message.message)).matches
> then
> drop_message();
> end
>
>
>
> however I can't get it to work.
>
> I could, alternatively, attempt to use a string of ` contains(...) `
> though that seems more cumbersome.
>
> Please also let me know if I'm going about this the wrong way. I'm
> attempting to use pipelines over drools since that seems to be the
> direction graylog is heading.
>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/150334c2-b18e-43fc-a144-830c1db3c42f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
