Hi, I tested your second regex (what I need is the two words, facebook.com) and it works fine when there are three or more words, and sadly doesn't when there are exactly two words (http://facebook.com for example). Is there a way to add an alternation to the regex, like, if the first regex doesn't match any group, try GET [a-z]+://([^/]+)/ instead? I tried this: GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/ | GET [a-z]+://([^/]+)/ but it says nothing will be extracted. I must have made a syntax mistake since I haven't used that before.
Thanks lots!

On Thursday, July 14, 2016 at 11:33:10 AM UTC+4, Jason Haar wrote:
> On Wed, Jul 13, 2016 at 10:57 PM, Zoizo <[email protected]> wrote:
>
>> Well I'm a moron and forgot domain names could have more than two words
>> too so, I'm kinda lost as to what I can do here ^^'
>
> Try a regex like "GET [a-z]+?://[^\.]+\.([^/]+)/"
>
> On "facebook.com" that would match "com". Assuming that's what you want
> of course (I stick to "GET [a-z]+://([^/]+)/" myself)
>
> If you want the last two, then "GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/"
> should do that
>
> I know "https?" would be better - but I'm not near graylog at the moment
> and I don't know if its weird Java-based regex library supports that - so
> I stuck with [a-z]+ to match "http" and "https" (and I guess "ftp" too)
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
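An added example, not part of the thread: it checks the alternation from the post against a single-group pattern that makes the leading labels an optional non-capturing prefix, so two-label and longer hosts both land in group 1. Python's `re` is used so it runs offline (the `(?:...)?` construct is also valid in Java regex); the log lines and function names are constructed for illustration.

```python
import re

# Constructed proxy-log request lines (not from the thread) -> expected value.
SAMPLES = {
    "GET http://facebook.com/ HTTP/1.1": "facebook.com",
    "GET https://www.facebook.com/login HTTP/1.1": "facebook.com",
    "GET http://a.b.static.example.org/x.js HTTP/1.1": "example.org",
    "GET http://localhost/ HTTP/1.1": None,  # single label: nothing to extract
}

# The alternation exactly as written in the post. The spaces around "|" are
# literal: branch 1 needs a space right after the host's "/", branch 2 needs
# a space before "GET". Branch 2 also captures into group 2, not group 1.
ATTEMPT = re.compile(r"GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/ | GET [a-z]+://([^/]+)/")

# One capture group only. "(?:[^/]+\.)?" swallows any leading labels when
# present, and "[^/.]" keeps each captured label free of dots.
LAST_TWO = re.compile(r"GET [a-z]+://(?:[^/]+\.)?([^/.]+\.[^/.]+)/")


def last_two_labels(line):
    """Return the last two host labels of the requested URL, or None."""
    m = LAST_TWO.search(line)
    return m.group(1) if m else None


def attempt_groups(line):
    """Return the (group 1, group 2) tuple of the post's pattern, or None."""
    m = ATTEMPT.search(line)
    return m.groups() if m else None


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:55} attempt={attempt_groups(line)} "
              f"fixed={last_two_labels(line)}")
```

The last two labels are not always the registrable domain: a host under a suffix such as `co.uk` yields `co.uk`, so that case needs a suffix list rather than a regex.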
