Hi Avdhoot, the regex function follows the Java regular expression syntax: https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html
You'll have to escape a few characters in your expression, e. g. \d to \\d. Cheers, Jochen On Wednesday, 10 August 2016 13:43:14 UTC+2, Avdhoot Dendge wrote: > > I am trying to match source field with regex. but graylog text editor not > allowed me to save the rule. what is wrong with below rule? plese check > attached file for graylog editor error. > > graylog version: 2.1.0-beta.2 > regex sample: http://regexr.com/3dvvs > > rule "check prod logs" > when > has_field("source") > then > > regex(pattern: "((n|p|e)\d+-c\d+|(bg|cm|nw)\d+)-xyz.abc.com", value: > $message.source); > > end > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e3e78458-ba65-475e-bf86-228240dcee8f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
