Hi John, Looking at this example [1], I think you can access the groups returned by the regex function by using `location["lat"]` and `location["long"]`.
1: https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/master/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/regexMatch.txt Regards, Edmundo > On 22 Jun 2016, at 10:27, John Munro <[email protected]> wrote: > > I cannot find the group return from the regex function. Where am I going > wrong? > > rule "function add_latlong" > when > has_field("Remote_IP_geolocation") > then > // extract the latitude and longitude > let location = > regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.Remote_IP_geolocation),["lat","long"]); > let lat = location.groups.lat; > let long = location.groups.long; > set_field("Remote_IP_lat", lat); > set_field("Remote_IP_long", long); > end > > I have tried location.lat and a number of other combinations without success. > > Thanks for any help you can give. > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/993AAD73-5A97-417F-9710-64F2885F5B2D%40graylog.com. For more options, visit https://groups.google.com/d/optout.
