Arrgh...
finally solved it - just needed a sleep. Solution was to split the OR for
the first part of the string then the field and the last part of the string
as another or.
ESXI_PID (((\: cpu\d+:)|(\[))%{POSINT:process_id}((\))|(\]:)))|(\:)
Don't think it's a bug ;-) The online validators solved the double assigned
field but only in an array - so even there it wasn't clean. My fault.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/d6ff5200-038e-46de-84e7-409fc5d1dcca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
