Hi Chad,
I had a similar issue for which I found a solution: I think the reason for
your non-match is that regex() needs the pattern to match fully on the
message string. Try to modify your pattern to something like
"^.+SomeProc.*".
*@ Jochen:* Could you comment on that? I think the reason is that
org.graylog.plugins.pipelineprocessor.functions.strings.RegexMatcher uses
Matcher.matches() which, according to javadoc, "Attempts to match the *entire
region* against the pattern." From my point of view, regex() should comply
with a standard behavior where /^foo/ matches "foobar", not requiring /^foo.*/.
Actually, I already wanted to file an issue but am afraid of rejection. ;-)
Best regards
tokred
On Wednesday, May 25, 2016 at 11:18:20 PM UTC+2, Chad Sheets wrote:
>
> I'm attempting to drop messages according to regular expressions and was
> wondering if it can be done with pipelines.
>
> Looking at various other sources and reading the docs I came up with
> something like this:
>
> rule "drop via regex"
> when
> regex("^.+SomeProc", to_string($message.message)).matches
> then
> drop_message();
> end
>
>
>
> however I can't get it to work.
>
> I could, alternatively, attempt to use a string of ` contains(...) `
> though that seems more cumbersome.
>
> Please also let me know if I'm going about this the wrong way. I'm
> attempting to use pipelines over drools since that seems to be the
> direction graylog is heading.
>
>
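
Added example, not part of the original thread and not Graylog's own code: a stand-alone Java program contrasting Matcher.matches(), which the reply above says RegexMatcher uses, with Matcher.find(), using the two patterns from the thread. The class name and sample messages are constructed, and the example goes one step beyond the thread by including a multi-line message and a `(?s)` variant, because `.` does not match a line terminator by default and an appended `.*` alone still fails a full match there.

```java
import java.util.List;
import java.util.regex.Pattern;

public class RegexMatchModes {
    // Full-match semantics: the pattern must consume the entire input.
    static boolean fullMatch(String pattern, String input) {
        return Pattern.compile(pattern).matcher(input).matches();
    }

    // Search semantics: the pattern may match any part of the input.
    static boolean search(String pattern, String input) {
        return Pattern.compile(pattern).matcher(input).find();
    }

    public static void main(String[] args) {
        // Constructed sample messages (not taken from the thread).
        List<String> messages = List.of(
            "host1 SomeProc[123]: heartbeat ok",        // text after the match
            "host1 SomeProc",                           // ends exactly at the match
            "SomeProc at start of line",                // nothing for ".+" to consume
            "host1 sshd[99]: Failed password for root", // unrelated message
            "host1 SomeProc[123]: line one\nline two"); // multi-line message

        String[] patterns = {
            "^.+SomeProc",        // pattern from the original question
            "^.+SomeProc.*",      // pattern suggested in the reply
            "(?s)^.+SomeProc.*"   // assumption: DOTALL added for multi-line input
        };

        for (String p : patterns) {
            System.out.println("pattern: " + p);
            for (String m : messages) {
                System.out.printf("  matches()=%-5b find()=%-5b  %s%n",
                    fullMatch(p, m), search(p, m), m.replace("\n", "\\n"));
            }
        }
    }
}
```

With the original pattern, matches() is true only for the message that ends exactly at "SomeProc", so a drop rule built on it lets the other SomeProc messages through. The message that begins with "SomeProc" is missed by every pattern here because `.+` requires at least one preceding character.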