Hi Werner,

support for multiple match groups will most likely not be added to the RegEx extractor.

But you can use the message processing pipelines <http://docs.graylog.org/en/2.0/pages/pipelines.html> to write a rule doing what you want or use a Grok extractor instead.

Cheers,
Jochen

On Monday, 29 August 2016 02:30:40 UTC+2, Werner van der Merwe wrote:
>
> Possible duplicate of https://github.com/Graylog2/graylog2-server/issues/2742 ?
>
> On Monday, August 29, 2016 at 11:30:28 AM UTC+12, Werner van der Merwe wrote:
>>
>> Hi,
>>
>> It seems that if I create an extractor, I have to create an extractor for each field I want to store, is this correct?
>>
>> If so, what would be helpful (for me), and what I am using NXLog for at the moment, is to have the option to extract and store multiple regex groups in one extractor.
>>
>> For example being able to do this using a single extractor entry rather than creating multiples:
>>
>> Exec if $raw_event =~ /^(\S+) (\S+) (\S+) \[([^\]]+)\] \"(\S+) (.+) HTTP.\d\.\d\" (\d+) (\d+) \"([^\"]+)\" \"([^\"]+)\"/\
>>     { \
>>         $Hostname = $1; \
>>         if $3 != '-' $AccountName = $3; \
>>         $EventTime = parsedate($4); \
>>         $HTTPMethod = $5; \
>>         $HTTPURL = $6; \
>>         $HTTPResponseStatus = $7; \
>>         $FileSize = $8; \
>>         $HTTPReferer = $9; \
>>         $HTTPUserAgent = $10; \
>>     }
>>
>> Is this possible, or would it be possible at some point in the future?
