Hi Avdhoot, Regular expressions in pipeline rules use the Java syntax, so you need to double escape backslashes. If you need more information about regexes in Java, please take a look at the documentation: https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html
Hope that helps. Regards, Edmundo > On 10 Aug 2016, at 13:31, Avdhoot Dendge <[email protected]> wrote: > > I am trying to match message source file with regex in pipeline. but gralog > text edtor not allowing me to save. what is wroing with belwo rule? check > attached file for graylog editor error. > > rule "test" > when > has_field("source") > then > > regex(pattern: "((n|p|e)\d+-c\d+|(bg|cm|nw)\d+)-xyz.abc.com", value: > $message.source); > > end > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/953c98c3-0cd9-438e-9d36-a2919721e67a%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > <regex.png> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/C160F232-64E4-4D44-ABDB-D621B05D1DB4%40graylog.com. For more options, visit https://groups.google.com/d/optout.
