How to use Regex in Graylog

Hi guys, I’m a new member here and need some help!
I’m trying to use regex with Graylog, but without success yet.
Example below:

health,warning PSU1 entered state FAIL
health,warning PSU2 entered state FAIL
health,warning PSU3 entered state FAIL



The Regex request can’t be found.

I started using Graylog recently, so there’s a chance I’m doing it wrong.


  • OS: Ubuntu 20.
  • Docker version 24.0.0
  • Graylog 4.2
  • Elasticsearch 7.2
  • Mongo 4.2

Hey @TiagoAntonio019

The general query format is:

field_name:/regular expression/



Hi, thanks for your reply.
It’s not working for me!
For example:
It works:
message: PSU1

Doesn’t work:
message: /PSU1/

When I try to use /PSU[0-9]/ the text turns red.

Try to catch your field with a grok pattern in a pipeline into a unique field. Then try to search on that field, and not on the message field.
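
An added example, not part of the thread and not Graylog's own code: a small Python check that expands a grok pattern into a regex and runs it over the sample lines from the question, so the pattern can be tested offline before it goes into a pipeline. The pattern string and the field names `topics`, `psu_id` and `psu_state` are assumptions; only a three-entry subset of the standard grok library is included.

```python
import re

# Subset of the standard grok pattern library (WORD, INT, DATA).
GROK_LIBRARY = {
    "WORD": r"\b\w+\b",
    "INT": r"(?:[+-]?(?:[0-9]+))",
    "DATA": r".*?",
}

# Assumed pattern and field names for the sample lines in the question.
PSU_PATTERN = r"%{DATA:topics} PSU%{INT:psu_id} entered state %{WORD:psu_state}"


def grok_to_regex(pattern):
    """Expand %{NAME:field} and %{NAME} references into a compiled Python regex."""
    def expand(match):
        name, field = match.group(1), match.group(2)
        if name not in GROK_LIBRARY:
            raise KeyError(f"unknown grok pattern: {name}")
        body = GROK_LIBRARY[name]
        # A named reference becomes a named group, which grok turns into a field.
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


PSU_REGEX = grok_to_regex(PSU_PATTERN)


def extract_psu_fields(message):
    """Return the extracted fields for one message, or None if it is not a PSU event."""
    m = PSU_REGEX.fullmatch(message.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["psu_id"] = int(fields["psu_id"])
    return fields


# Constructed sample input: the three lines from the question plus two that must not match.
SAMPLE = [
    "health,warning PSU1 entered state FAIL",
    "health,warning PSU2 entered state FAIL",
    "health,warning PSU3 entered state FAIL",
    "health,warning FAN1 entered state FAIL",
    "system,info PSU entered state OK",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", extract_psu_fields(line))
```

With fields like these on the message, the search can be an exact match on the new field (for example `psu_state:FAIL`) instead of a regex on `message`.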

Try this…

message: PSU1\[0-9\]

