Found the error. In my original pipeline-rule I used the "to_ip" function
to convert the pattern match to an IP. With this setting resolving the IP
to a geo location fails.
I changed the rule now to convert the pattern match to a string by using
the "to_string" function. Voila... geo location works for all custom fields
now.
This is what my rule looks like now:
let matcherSrcIp = regex(".*srcip=((?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])).*", to_string($message.message));
set_field("FW_SourceIP", to_string(matcherSrcIp["0"]));
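The extraction done by the rule above, reproduced in Python so the pattern can be checked offline against sample messages. This is an added example, not part of the original post; the log lines are constructed and the function names are hypothetical. It also flags octets with leading zeros, which the pattern itself accepts.

```python
import re

# Octet alternation and overall pattern as in the pipeline rule above.
OCTET = r"(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])"
SRCIP_RE = re.compile(
    r".*srcip=((?<![0-9])(?:" + "[.]".join([OCTET] * 4) + r")(?![0-9])).*"
)


def extract_srcip(message):
    """Return the first capture group (the rule's matcherSrcIp["0"]) or None."""
    m = SRCIP_RE.search(message)
    return m.group(1) if m else None


def is_canonical_ipv4(value):
    """True for a dotted quad with four octets in 0..255 and no leading zeros."""
    parts = value.split(".")
    return len(parts) == 4 and all(
        p.isdigit() and str(int(p)) == p and int(p) <= 255 for p in parts
    )


def source_ip_field(message):
    """String to store in FW_SourceIP, or None when nothing usable is found."""
    value = extract_srcip(message)
    if value is None or not is_canonical_ipv4(value):
        return None
    return value


# Constructed firewall-style messages, not taken from a real device.
SAMPLES = [
    "date=2017-01-01 srcip=192.168.1.10 dstip=8.8.8.8 action=accept",
    "date=2017-01-01 srcip=256.1.1.1 dstip=8.8.8.8 action=deny",
    "date=2017-01-01 srcip=10.0.0.256 dstip=8.8.8.8 action=deny",
    "date=2017-01-01 srcip=010.001.001.001 dstip=8.8.8.8 action=accept",
    "date=2017-01-01 dstip=8.8.8.8 action=accept",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(repr(extract_srcip(line)), repr(source_ip_field(line)))
```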