I’m a new user on Graylog, and I have a question about Streamline/pipeline and regex values:
I receive specific logs that contain user info where I need to detect suspicious Gmail users. I’ve created a streamline "regular expression (username|userName|sub)\W+[^@]+@gmail.com" to detect such users with a Gmail domain.
Now I need to create a Graylog pipeline for such regex patterns. I have never created a pipeline based on a regex.
Here is the start of a good read on creating pipelines for security that goes into a lot more detail than the Graylog docs. The short story is: you connect a Stream (that leads to a storage index) to an Input, then connect the pipeline to the stream, and have rules built into your pipeline that manipulate the data… in your case, regex commands.
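As an added illustration of the last step (the rule inside the pipeline), here is a Graylog pipeline rule written around the regex from the question. It is not code from the original thread or from Graylog's own docs. It assumes the log text lives in the standard `message` field, and the rule name and the two output fields (`suspicious_gmail`, `gmail_user`) are names chosen for this example. It also tightens the original pattern slightly: the dot in `gmail.com` is escaped so it only matches a literal dot, `\s` is excluded from the local part, and a trailing `\b` stops `gmail.com.example.org` from matching.

```graylog
rule "flag gmail user in message"
when
  // Only evaluate messages that actually carry the field the regex runs on.
  has_field("message") &&
  // Backslashes are doubled inside Graylog rule string literals.
  regex("(username|userName|sub)\\W+[^@\\s]+@gmail\\.com\\b",
        to_string($message.message)).matches == true
then
  // Same pattern, but with the address in a capture group; group results
  // are indexed from "0" in the map that regex() returns.
  let m = regex("(?:username|userName|sub)\\W+([^@\\s]+@gmail\\.com)\\b",
                to_string($message.message));
  set_field("gmail_user", m["0"]);
  set_field("suspicious_gmail", true);
end
```

Create the rule under System > Pipelines > Manage rules, add it to a stage of a pipeline, and connect that pipeline to the stream the messages arrive on (the "All messages" stream, or the stream your existing stream rule routes them into). Once `suspicious_gmail` is set you can search on it (`suspicious_gmail:true`) or build an alert from it, rather than re-running the regex in every query.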