Re: [graylog2] debugging pipelines is... difficult

I added this Github issue so you can track the issue I mentioned in point number 2: https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/46 Cheers, Edmundo > On 18 Jul 2016, at 10:51, Edmundo Alvarez wrote: > > I spent some time debugging the issue, and I

Re: [graylog2] debugging pipelines is... difficult

I spent some time debugging the issue, and I found two of them: 1. The when expression should be wrapped in a "to_bool" function, otherwise the parser gets confused about it and replaces it with "false":

Re: [graylog2] debugging pipelines is... difficult

On Mon, Jul 11, 2016 at 11:28 AM, Jason Haar wrote: > If I take the regex I wrote in this rule (as per first email), replace > '\\' with '\', then the regex works fine via egrep. It's a simple "when, do > this" type statement: I can't see what's gone wrong in it > Oh -

Re: [graylog2] debugging pipelines is... difficult

On Fri, Jul 8, 2016 at 10:32 PM, Edmundo Alvarez wrote: > > It's hard to tell what is wrong from here, since we can't exactly see how > your messages look like. Could you share a couple of messages with us? > > Please be aware that at the moment, the "regex" function needs

Re: [graylog2] debugging pipelines is... difficult

Hi Jason, It's hard to tell what is wrong from here, since we can't exactly see how your messages look like. Could you share a couple of messages with us? Please be aware that at the moment, the "regex" function needs to match the whole string: