Pipeline Rule Filter Question

Hello GL fans,

Simple pipeline rule question

We are trying to filter out messages with certain file paths in them.

This line works:
regex(“EMSAgent.exe”, to_string($message.full_message)).matches == false

But this one, trying to add the folder paths does not (note that the GUI has big red X on the backslashes till I have 4 of them)…

regex(“MaaS360\\Cloud Extender\\EMSAgent.exe”, to_string($message.full_message)).matches == false

All insight is appreciated



You are right, java regex requires four backslashes \\\\ to escape one backslash \

I tried your regex and it works for me:

rule "test"
    has_field("full_message") AND regex("MaaS360\\\\Cloud Extender\\\\EMSAgent.exe", to_string($message.full_message)).matches == true
    let debug_message = concat("maas: ", to_string($message.full_message));
    set_field("maas", "MaaS360");
1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.