Re: [graylog2] Regex match not working

2016-03-30 Thread Edmundo Alvarez 
Precisely. The condition is evaluated before the extractor runs, to check if it 
should attempt the extraction for that field or not.
Edmundo

> On 30 Mar 2016, at 13:03, Daniel Niasoff  wrote:
> 
> Are you saying that the regex condition works on the whole message not the 
> extracted field?
> 
> On Wednesday, 30 March 2016 10:16:48 UTC+1, Edmundo Alvarez wrote:
> Hi Daniel, 
> 
> The regex condition you use will always try to extract the 4th split element, 
> if there is a number in the whole message field, as it's the one you use for 
> the extractor. I guess some of your messages contain numbers, but not in the 
> place you want them to be. If that is the case, I would start by trying to 
> find a better patter to differentiate between both messages. 
> 
> Regards, 
> Edmundo 
> 
> > On 29 Mar 2016, at 23:32, Daniel Niasoff  wrote: 
> > 
> > Hi 
> > 
> > I have an extractor that tried to extract a numeric field from a message. 
> > 
> > I am using split and index and field content can sometimes contain a "-" 
> > instead of a number. 
> > 
> > I have a regex pattern that checks for valid numerals -  "\d+" 
> > 
> > But Graylog still extracts the field even if it just contains a "-" which 
> > messes up statistics. 
> > 
> > Here is the config of the extractor. 
> > 
> > 
> >   { 
> >   "condition_type": "regex", 
> >   "condition_value": "\d+", 
> >   "converters": [ 
> > { 
> >   "type": "numeric", 
> >   "config": {} 
> > } 
> >   ], 
> >   "cursor_strategy": "copy", 
> >   "extractor_config": { 
> > "index": 4, 
> > "split_by": " ' %1B ' " 
> >   }, 
> >   "extractor_type": "split_and_index", 
> >   "order": 3, 
> >   "source_field": "message", 
> >   "target_field": "Client-Time-Taken", 
> >   "title": "Client-Time-Taken" 
> > }, 
> > 
> > Any ideas? 
> > 
> > Thanks 
> > 
> > Daniel 
> > 
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to graylog2+u...@googlegroups.com. 
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/graylog2/c55d782d-3ead-4af4-b645-01cca05069a5%40googlegroups.com.
> >  
> > For more options, visit https://groups.google.com/d/optout. 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/04978e9f-c241-4201-8125-933e3808004a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/E91D8304-0B88-4F63-A983-2043625A4C2C%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Regex match not working

2016-03-30 Thread Daniel Niasoff 
Are you saying that the regex condition works on the whole message not the 
extracted field?

On Wednesday, 30 March 2016 10:16:48 UTC+1, Edmundo Alvarez wrote:
>
> Hi Daniel, 
>
> The regex condition you use will always try to extract the 4th split 
> element, if there is a number in the whole message field, as it's the one 
> you use for the extractor. I guess some of your messages contain numbers, 
> but not in the place you want them to be. If that is the case, I would 
> start by trying to find a better patter to differentiate between both 
> messages. 
>
> Regards, 
> Edmundo 
>
> > On 29 Mar 2016, at 23:32, Daniel Niasoff  > wrote: 
> > 
> > Hi 
> > 
> > I have an extractor that tried to extract a numeric field from a 
> message. 
> > 
> > I am using split and index and field content can sometimes contain a "-" 
> instead of a number. 
> > 
> > I have a regex pattern that checks for valid numerals -  "\d+" 
> > 
> > But Graylog still extracts the field even if it just contains a "-" 
> which messes up statistics. 
> > 
> > Here is the config of the extractor. 
> > 
> > 
> >   { 
> >   "condition_type": "regex", 
> >   "condition_value": "\d+", 
> >   "converters": [ 
> > { 
> >   "type": "numeric", 
> >   "config": {} 
> > } 
> >   ], 
> >   "cursor_strategy": "copy", 
> >   "extractor_config": { 
> > "index": 4, 
> > "split_by": " ' %1B ' " 
> >   }, 
> >   "extractor_type": "split_and_index", 
> >   "order": 3, 
> >   "source_field": "message", 
> >   "target_field": "Client-Time-Taken", 
> >   "title": "Client-Time-Taken" 
> > }, 
> > 
> > Any ideas? 
> > 
> > Thanks 
> > 
> > Daniel 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/c55d782d-3ead-4af4-b645-01cca05069a5%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/04978e9f-c241-4201-8125-933e3808004a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Regex match not working

2016-03-29 Thread Daniel Niasoff 
Hi 

I have an extractor that tried to extract a numeric field from a message.

I am using split and index and field content can sometimes contain a "-" 
instead of a number.

I have a regex pattern that checks for valid numerals -  "\d+"

But Graylog still extracts the field even if it just contains a "-" which 
messes up statistics.

Here is the config of the extractor.


  {
  "condition_type": "regex",
  "condition_value": "\d+",
  "converters": [
{
  "type": "numeric",
  "config": {}
}
  ],
  "cursor_strategy": "copy",
  "extractor_config": {
"index": 4,
"split_by": " ' %1B ' "
  },
  "extractor_type": "split_and_index",
  "order": 3,
  "source_field": "message",
  "target_field": "Client-Time-Taken",
  "title": "Client-Time-Taken"
},

Any ideas?

Thanks

Daniel

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c55d782d-3ead-4af4-b645-01cca05069a5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.