Re: [graylog2] regex.groups in Pipeline rule function

2016-06-22 Thread John Munro 
Thank you so much Edmundo.  I had been looking high and low for such an 
example.

On Wednesday, June 22, 2016 at 6:27:59 PM UTC+9, Edmundo Alvarez wrote:
>
> Hi John, 
>
> Looking at this example [1], I think you can access the groups returned by 
> the regex function by using `location["lat"]` and `location["long"]`. 
>
> 1: 
> https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/master/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/regexMatch.txt
>  
>
> Regards, 
> Edmundo 
>
> > On 22 Jun 2016, at 10:27, John Munro  
> wrote: 
> > 
> > I cannot find the group return from the regex function.  Where am I 
> going wrong? 
> > 
> > rule "function add_latlong" 
> > when 
> >   has_field("Remote_IP_geolocation") 
> > then 
> >   // extract the latitude and longitude 
> >   let location = 
> regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.Remote_IP_geolocation),["lat","long"]);
>  
>
> >   let lat = location.groups.lat; 
> >   let long = location.groups.long;   
> >   set_field("Remote_IP_lat", lat); 
> >   set_field("Remote_IP_long", long); 
> > end 
> > 
> > I have tried location.lat and a number of other combinations without 
> success. 
> > 
> > Thanks for any help you can give. 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/f91c55c8-b73c-4bbb-a07f-8347266d7628%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] regex.groups in Pipeline rule function

2016-06-22 Thread Edmundo Alvarez 
Hi John,

Looking at this example [1], I think you can access the groups returned by the 
regex function by using `location["lat"]` and `location["long"]`.

1: 
https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/master/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/regexMatch.txt

Regards,
Edmundo

> On 22 Jun 2016, at 10:27, John Munro  wrote:
> 
> I cannot find the group return from the regex function.  Where am I going 
> wrong?
> 
> rule "function add_latlong"
> when
>   has_field("Remote_IP_geolocation")
> then
>   // extract the latitude and longitude
>   let location = 
> regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.Remote_IP_geolocation),["lat","long"]);
>   let lat = location.groups.lat;
>   let long = location.groups.long;  
>   set_field("Remote_IP_lat", lat);
>   set_field("Remote_IP_long", long);
> end
> 
> I have tried location.lat and a number of other combinations without success.
> 
> Thanks for any help you can give.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/993AAD73-5A97-417F-9710-64F2885F5B2D%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] regex.groups in Pipeline rule function

2016-06-22 Thread John Munro 
I cannot find the group return from the regex function.  Where am I going 
wrong?

rule "function add_latlong"
when
  has_field("Remote_IP_geolocation")
then
  // extract the latitude and longitude
  let location = regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.
Remote_IP_geolocation),["lat","long"]);
  let lat = location.groups.lat;
  let long = location.groups.long;  
  set_field("Remote_IP_lat", lat);
  set_field("Remote_IP_long", long);
end

I have tried location.lat and a number of other combinations without 
success.

Thanks for any help you can give.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.