Converting Regex Based Streamline into Pipeline Rules

psankar · January 31, 2023, 7:27am

Hello all,

I’m a new user on Graylog, and I have a question with Streamline/pipeline and regex value :

I receive specific logs that contain users info where i need to detect suspicious gmail users.I’ve created a streamline "regular expression (username|userName|sub)\W+[^@]+@gmail.com " to detect such users with gmail domain.

Now i need to create a Graylog Pipeline for such regex patterns. I never created pipeline based on regex.

How to create this pipeline with a regex search?

Thanks
Pranav

tmacgbay · January 31, 2023, 5:22pm

Here is the start of a good read on creating pipelines for security that goes into a lot more detail than the Graylog docs. The short story is you connect a Stream (That leads to a storage index) to an Input, then connect the pipeline to the stream, and have rules built into your pipeline that manipulate the date… in your case regex commands.

Give it a shot and see what you can do!

Topic		Replies	Views
Pipeline with regex value Graylog Central (peer support) pipeline-rules	7	4344	February 12, 2022
Doing a pipeline rule Graylog Central (peer support)	2	312	December 29, 2023
How use Regex in Graylog Graylog Central (peer support)	4	9925	July 27, 2023
Pipeline regex rule Graylog Central (peer support) pipeline-rules	7	1616	April 9, 2023
Regex in search bar is working but doesn't work in Pipeline rule Graylog Central (peer support) pipeline-rules	20	1011	March 8, 2023

Converting Regex Based Streamline into Pipeline Rules

Related topics