Thanks for the feedback!

On Wednesday, 31 August 2016 16:12:11 UTC+2, Jan wrote:
>
> Found the error. In my original pipeline-rule I used the "to_ip" function 
> to convert the pattern match to an IP. With this setting resolving the IP 
> to a geo location fails.
> I changed the rule now to convert the pattern match to a string by using 
> the "to_string" function. Voila... geo location works for all custom fields 
> now.
>
> This is what my rule looks like now:
>
> let matcherSrcIp = regex(".*srcip=((?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])).*", to_string($message.message));
>     set_field("FW_SourceIP", to_string(matcherSrcIp["0"]));
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b117a1a1-405d-4f29-b4a7-576eba99f0a8%40googlegroups.com.