Hey Jesse!
We are planning to implement OR-concatenation of rules for the next major
release of Graylog. This will probably help you a lot for this specific use
case to make stream matching faster. Until then, you could try increasing the
“stream_processing_timeout” tunable in your server config. It is specified in
ms and the current default for it is 2000 (2 seconds). Be warned though that
this could have an impact on the overall processing capacity of your Graylog
instance.
Kr,
D.
--
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078
TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany
Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
> On 06.07.2015, at 18:02, Jesse Skrivseth <voodood...@gmail.com> wrote:
>
> I have a stream with one defined regex rule, a simple:
>
> 'source' must match regular expression '(1\.2\.3\.4|9\.8\.7\.6)'
>
> kind of thing. There are 6 IP addresses in this particular inclusive list. I
> don't think the regex is performing slowly enough to stop the stream
> processing, but perhaps the system as a whole is periodically busy doing
> other things which delay the stream processor long enough to terminate it. It
> would need to take 2+ seconds to process one of these matches in order to
> terminate it, and I highly doubt this regex could ever take that long. It
> seems like a "relative vs absolute clock" issue in the way these are being
> timed.
>
> It would be nice to just do exact matches on a logical OR list of values, but
> as far as I can tell that's not possible.
>
> Any ideas out there? Thanks!
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
