Converting Regex Based Streamline into Pipeline Rules

Hello all,

I’m a new user on Graylog, and I have a question about Streamline/pipeline and regex values:

I receive specific logs that contain user info where I need to detect suspicious Gmail users. I’ve created a streamline "regular expression (username|userName|sub)\W+[^@]+@gmail.com " to detect such users with the Gmail domain.

Now I need to create a Graylog Pipeline for such regex patterns. I have never created a pipeline based on regex.

How do I create this pipeline with a regex search?

Thanks
Pranav

Here is the start of a good read on creating pipelines for security that goes into a lot more detail than the Graylog docs. The short story is you connect a Stream (that leads to a storage index) to an Input, then connect the pipeline to the stream, and have rules built into your pipeline that manipulate the data… in your case, regex commands.

Give it a shot and see what you can do!

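A pipeline rule built around the regex from the question, as an added example that is not part of the original posts or of Graylog's own documentation. It assumes the raw log text is in the `message` field; the output field names `gmail_user` and `suspicious_gmail_user` are hypothetical.

```graylog
// Added example: flags messages whose user field carries a gmail.com address.
// Assumption: the raw log line is stored in the "message" field.
rule "flag gmail users"
when
  has_field("message") &&
  // Backslashes are doubled because the pattern is a rule-language string.
  // The dot in gmail.com is escaped so it only matches a literal dot.
  regex("(username|userName|sub)\\W+[^@]+@gmail\\.com",
        to_string($message.message)).matches == true
then
  // Run the pattern again with a capture group around the address.
  // Unnamed groups are exposed as "0", "1", ... on the match result;
  // (?:...) keeps the key alternation from taking a group index.
  let m = regex("(?:username|userName|sub)\\W+([^@]+@gmail\\.com)",
                to_string($message.message));
  set_field("gmail_user", m["0"]);            // hypothetical field name
  set_field("suspicious_gmail_user", true);   // hypothetical field name
end
```

Add the rule to a stage of a pipeline and connect that pipeline to the stream receiving these logs; the new fields can then drive searches or alert conditions.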