I added this Github issue so you can track the issue I mentioned in point
number 2:
https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/46
Cheers,
Edmundo
> On 18 Jul 2016, at 10:51, Edmundo Alvarez <edmu...@graylog.com> wrote:
>
> I spent some time debugging the issue, and I found two of them:
>
> 1. The when expression should be wrapped in a "to_bool" function, otherwise
> the parser gets confused about it and replaces it with "false":
>
> to_bool(regex("[^0-9a-zA-Z]([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)[^0-9a-zA-Z].*[^0-9a-zA-Z]([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)[^0-9a-zA-Z]",to_string($message.message)).matches)
>
> 2. There seems to be some problems when handling strings containing
> backslashes. You need to escape them so they get parsed, but then the escape
> character is still being used in the regular expression. I will investigate
> further and keep you posted on that.
>
> Cheers,
> Edmundo
>
>> On 13 Jul 2016, at 12:31, Jason Haar <jason_h...@trimble.com> wrote:
>>
>>
>> On Mon, Jul 11, 2016 at 11:28 AM, Jason Haar <jason_h...@trimble.com> wrote:
>> If I take the regex I wrote in this rule (as per first email), replace '\\'
>> with '\', then the regex works fine via egrep. It's a simple "when, do this"
>> type statement: I can't see what's gone wrong in it
>>
>> Oh - and thanks to your comment about the regex needing to match the entire
>> line, I put ".*" at the beginning and end - but it made no difference. Still
>> no Cisco syslog messages (as above) match
>>
>>
>> --
>> Cheers
>>
>> Jason Haar
>> Information Security Manager, Trimble Navigation Ltd.
>> Phone: +1 408 481 8171
>> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to graylog2+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/graylog2/CAFChrgJZng%2Bzc-iZ%2Bv73%2Bd8Q6YatVATaDtj2R%3Dd7sR9iXZfbHQ%40mail.gmail.com.
>> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/BA27A691-42D6-46BD-80B5-988211F400B3%40graylog.com.
For more options, visit https://groups.google.com/d/optout.
