Graylog Remove Field That Matches Regular Expression

I’m trying to configure a rule that will drop remove any field that matches “Form__member_name_” with 7 digits after (i.e . Form__member_name_1234567) I have this much but I’m not sure how to go about attaching a regex to my rule:

rule "function removeFields"
when
    has_field("Form__member_name_")
then
    remove_field("Form__member_name_");
end

Is it possible to set a field to look for with a regex in your rule?

yes you can.
eg.

regex("^.*(cde\\.)(:(\\d+))?.*$", "abcde.fg").matches == true 

But maybe it’s enought

contains(to_string($message.log_type),"IIS",true)

This regex works on regex query testers but not in Graylog. Any assistance?

^(?i)([a-z]{4}).([a-z]{7}).([a-z]{6}).(\d{3})$

check your regexp and mine.
there is the reason.

From reading this, it looks like what @rmentor is trying to do is perform a regex match against the field name(s,) not the values of the fields.

AFAIK, this is not possible. You can perform the regex on the values of the fields but, not the names of fields.

@Ponet that’s exactly what I was trying to do. Thanks for the information. I’ll try to come at this from another angle.