I have a stream with one defined regex rule, a simple: 'source' must match regular expression '(1\.2\.3\.4|9\.8\.7\.6)'
kind of thing. There are 6 IP addresses in this particular inclusive list. I don't think the regex is performing slowly enough to stop the stream processing, but perhaps the system as a whole is periodically busy doing other things which delay the stream processor long enough to terminate it. It would need to take 2+ seconds to process one of these matches in order to terminate it, and I highly doubt this regex could ever take that long. It seems like a "relative vs absolute clock" issue in the way these are being timed. It would be nice to just do exact matches on a logical OR list of values, but as far as I can tell that's not possible. Any ideas out there? Thanks! -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
