Boolean value, boolean operators and boolean expression in pipeline condition

Recently, I found some boolean-related issues. There are these statements in the document:


In Graylog’s rules the when clause is a boolean expression, which is evaluated against the processed message.

Expressions support the common boolean operators AND (or &&), OR (||), NOT (!), and comparison operators (<, <=, >, >=, ==, !=).

Issue 1:

When using “regex(…).matches” as the boolean expression, the evaluation will be false, but “regex(…).matches == true” will be true.

Issue 2:

Using the following rule to set a new field “x_has_field”, we will get a value of true:

rule "input message does not come with 7 fields"
	has_field("x_error_found") == false
//	set_field("x_error_found",true);
//	set_field("x_errors","input message does not come with 7 fields;");

Issue 3:

Using a boolean expression with something like regex(…).matches && NOT regex(…).matches will report an error, but the document does state that NOT is a boolean operator.

It is not so easy to catch up…, anything behind this?

Please create bug reports for these issues at

