I'm running the appliance of 2.0-beta3 at home just to test things out and I'm running into an issue parsing a log that comes in an XML format using regex. They are single line messages and I'm passing them in using filebeat. I can't get a regex to match the tags in the message to allow me to parse out the information.
For example (using the message below), I was using the regex <ID>(.*)<\/ID> to try to parse out the ID field and i get no matches. I'm not the greatest at regex, but every tester I've tried matches the data in the ID field when using that pattern. I tried escaping all of the angle brackets and that didn't change the result. Trying to match directly on any particular string fails too. If I try using classes I get odd results like: ([[:graph:]]) or ([[:ascii:]]) i get a match on 'a'. ([[:alnum:]]) i get a match on 'n'. *Message:* <Event><ID>04f4f9f8-24db-4f30-bfa0-cf4197383ac1</ID><DateTime>2016-04-21T22:57:34.923</DateTime><Permit><Location><LocGuid>2a4ff629-31bb-48a9-b9a0-79249142b5c1</LocGuid></Location><LocEntry><EntryType>2</EntryType><EntryName>PimIndexMaintenanceSvc_50cca</EntryName><AutoExecFiles><AutoExecFile><AEFRawString>C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup</AEFRawString><AEFFile>C:\WINDOWS\system32\svchost.exe</AEFFile><AEFAttributes><AEFAttribute><AEFAttrSizeHigh>0</AEFAttrSizeHigh><AEFAttrSizeLow>43944</AEFAttrSizeLow><AEFAttrMD5>8497852ED44AFF902D502015792D315D</AEFAttrMD5></AEFAttribute></AEFAttributes></AutoExecFile></AutoExecFiles></LocEntry><Mode><ModeEnum>4</ModeEnum><AdminInstall /><InstallName>Google Updater UA - User - 04/21/16 - 3:59:02 pm</InstallName></Mode></Permit></Event> I know its probably something small I'm missing in my regex, but I'm at my wit's end with this one. Any suggestions? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f967b16d-6ed3-4a18-b9d6-cf4921938335%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
