Can you use regex to match patterns in KQL in Graylog?

I have a use case for matching regex of any IP address in a KQL query in Graylog, and I want to know if it is possible to use regex in querying Graylog. Google tells me that Elasticsearch supports this with their own infrastructure, but Graylog is built on top of Elastic, and I cannot find a clear answer to whether it is supported in Graylog.

2. Describe your environment:
Ubuntu 18.04

  • Package Version:

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

I found instructions for doing this in Elastic, but it is ambiguous whether I can get this working in Graylog. I thought I would ask because no one has.

4. How can the community help?

If someone knows if this is possible, please let me know. If someone knows the syntax to match any IP, even better!

This was asked a bit ago in the Community question - there is good information on regex as well as querying an IP
