Hi John, Looking at this example [1], I think you can access the groups returned by the regex function by using `location["lat"]` and `location["long"]`.
1: https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/master/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/regexMatch.txt Regards, Edmundo > On 22 Jun 2016, at 10:27, John Munro <mu...@dsty.ac.jp> wrote: > > I cannot find the group return from the regex function. Where am I going > wrong? > > rule "function add_latlong" > when > has_field("Remote_IP_geolocation") > then > // extract the latitude and longitude > let location = > regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.Remote_IP_geolocation),["lat","long"]); > let lat = location.groups.lat; > let long = location.groups.long; > set_field("Remote_IP_lat", lat); > set_field("Remote_IP_long", long); > end > > I have tried location.lat and a number of other combinations without success. > > Thanks for any help you can give. > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/993AAD73-5A97-417F-9710-64F2885F5B2D%40graylog.com. For more options, visit https://groups.google.com/d/optout.