Hi Chad,
if you're simply looking for "SomeProc" inside the "message" field, why not
use the contains() function? Why would that be more cumbersome?
Cheers,
Jochen
On Wednesday, 25 May 2016 23:18:20 UTC+2, Chad Sheets wrote:
>
> I'm attempting to drop messages according to regular expressions and was
> wondering if it can be done with pipelines.
>
> Looking at various other sources and reading the docs I came up with
> something like this:
>
> rule "drop via regex"
> when
> regex("^.+SomeProc"), to_string($message.message)).matches
> then
> drop_message();
> end
>
> however I can't get it to work.
>
> I could, alternatively, attempt to use a string of `contains(...)`
> though that seems more cumbersome.
>
> Please also let me know if I'm going about this the wrong way. I'm
> attempting to use pipelines over Drools since that seems to be the
> direction Graylog is heading.
>
>
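The two approaches discussed in this thread, written as Graylog pipeline rules (an added example, not part of either message). The rule as posted has unbalanced parentheses: the pattern and the value must both sit inside the single `regex(...)` call. The rule names below are made up for illustration; `SomeProc` is the placeholder from the question.

```graylog
// Variant 1: regex(). The pattern and the value are the two arguments of
// one regex() call; .matches on the result is a boolean.
// Note: "^.+SomeProc" requires at least one character before "SomeProc".
rule "drop via regex"
when
  has_field("message") &&
  regex("^.+SomeProc", to_string($message.message)).matches == true
then
  drop_message();
end

// Variant 2: contains(). Plain substring test, no pattern to escape.
// Unlike the regex above, this also matches when "SomeProc" is the very
// first thing in the field.
rule "drop via contains"
when
  has_field("message") &&
  contains(to_string($message.message), "SomeProc")
then
  drop_message();
end
```

Because `drop_message()` discards the event permanently, it helps to test a new condition first with a non-destructive action such as `set_field("would_drop", true);` and check which messages get tagged.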