Hello Community,
I’m having a hard time getting my regex rules to work in Graylog, more specifically in the extractors feature. As in the examples below, I’m trying to get specific data from inside the message field, but what is most awkward to me is that my regex seems to work in a regex simulator like “https://regex101.com/” but does not work inside Graylog extractors.
Example of a regex that I’m using:
^.*user_name=([\w\s]+)
I’m using dummy values for privacy reasons, but the words are representative of the real data.
I’m trying to understand the correct semantics and parameters supported by this regex implementation inside Graylog, but I’m failing hard to achieve this. If it’s possible, could you guys explain a little bit where I am going wrong? Is it that Graylog does not support some of the parameters?
As you can see too, the message field contains some other data that I could get. Do you know if it’s possible to get that using regex? In my understanding of the documentation, the regex in Graylog will only get the first group match, am I right?
I have searched a lot but could not find more examples of regex being used for this purpose (as an extractor). I have seen some examples, but they were used for pipelines and in grok patterns, and I have the feeling that inside the extractor the regex does not work in the same way, as if not all the parameters are supported, or maybe it’s just a lack of knowledge about this functionality.
If you have examples or tips, I will be very appreciative.
Thanks in advance.
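
Added example, not part of the original post: what the posted pattern puts in capture group 1 on a constructed key=value message, beside two hypothetical bounded variants. It uses Python's `re`, which treats these constructs the same way as Java's regex engine; the sample message and the names `BOUNDED`, `PAIRS`, `first_group` and `all_pairs` are assumptions.

```python
import re

# Pattern exactly as posted: greedy prefix, value class allows spaces.
POSTED = re.compile(r"^.*user_name=([\w\s]+)")

# Hypothetical variant: the value ends where the next " key=" starts,
# or at the end of the message, so values may still contain spaces.
BOUNDED = re.compile(r"user_name=(.+?)(?=\s+\w+=|$)")

# Hypothetical generic form of the same idea, for every key=value pair.
PAIRS = re.compile(r"(\w+)=(.+?)(?=\s+\w+=|$)")

# Constructed sample message (dummy data, not taken from the post).
SAMPLE = "action=login user_name=John Doe src_ip=10.0.0.5 status=ok"


def first_group(pattern, message):
    """Return capture group 1 only, i.e. the single value that an
    extractor keeping just the first group would store."""
    match = pattern.search(message)
    return match.group(1) if match else None


def all_pairs(message):
    """Return every key=value pair in the message as a dict."""
    return dict(PAIRS.findall(message))


if __name__ == "__main__":
    # [\w\s]+ also matches spaces and underscores, so the posted pattern
    # runs past the value into the next key name and stops only at '='.
    print("posted :", repr(first_group(POSTED, SAMPLE)))
    print("bounded:", repr(first_group(BOUNDED, SAMPLE)))
    for key, value in all_pairs(SAMPLE).items():
        print(f"{key} -> {value}")
```
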