Re: [graylog2] regex.groups in Pipeline rule function
Thank you so much Edmundo. I had been looking high and low for such an example. On Wednesday, June 22, 2016 at 6:27:59 PM UTC+9, Edmundo Alvarez wrote: > > Hi John, > > Looking at this example [1], I think you can access the groups returned by > the regex function by using `location["lat"]` and `location["long"]`. > > 1: > https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/master/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/regexMatch.txt > > > Regards, > Edmundo > > > On 22 Jun 2016, at 10:27, John Munro> wrote: > > > > I cannot find the group return from the regex function. Where am I > going wrong? > > > > rule "function add_latlong" > > when > > has_field("Remote_IP_geolocation") > > then > > // extract the latitude and longitude > > let location = > regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.Remote_IP_geolocation),["lat","long"]); > > > > let lat = location.groups.lat; > > let long = location.groups.long; > > set_field("Remote_IP_lat", lat); > > set_field("Remote_IP_long", long); > > end > > > > I have tried location.lat and a number of other combinations without > success. > > > > Thanks for any help you can give. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Graylog Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to graylog2+u...@googlegroups.com . > > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f91c55c8-b73c-4bbb-a07f-8347266d7628%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] regex.groups in Pipeline rule function
Hi John, Looking at this example [1], I think you can access the groups returned by the regex function by using `location["lat"]` and `location["long"]`. 1: https://github.com/Graylog2/graylog-plugin-pipeline-processor/blob/master/src/test/resources/org/graylog/plugins/pipelineprocessor/functions/regexMatch.txt Regards, Edmundo > On 22 Jun 2016, at 10:27, John Munrowrote: > > I cannot find the group return from the regex function. Where am I going > wrong? > > rule "function add_latlong" > when > has_field("Remote_IP_geolocation") > then > // extract the latitude and longitude > let location = > regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message.Remote_IP_geolocation),["lat","long"]); > let lat = location.groups.lat; > let long = location.groups.long; > set_field("Remote_IP_lat", lat); > set_field("Remote_IP_long", long); > end > > I have tried location.lat and a number of other combinations without success. > > Thanks for any help you can give. > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/993AAD73-5A97-417F-9710-64F2885F5B2D%40graylog.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] regex.groups in Pipeline rule function
I cannot find the group return from the regex function. Where am I going wrong? rule "function add_latlong" when has_field("Remote_IP_geolocation") then // extract the latitude and longitude let location = regex("(-?\\d+\\.\\d+),(-?\\d+\\.\\d+)",to_string($message. Remote_IP_geolocation),["lat","long"]); let lat = location.groups.lat; let long = location.groups.long; set_field("Remote_IP_lat", lat); set_field("Remote_IP_long", long); end I have tried location.lat and a number of other combinations without success. Thanks for any help you can give. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/66a08a73-54f6-4fd8-9b82-9afad785f36c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.