Pipeline Rule Filter Question

ThomasPowers · November 20, 2019, 5:07pm

Hello GL fans,

Simple pipeline rule question

We are trying to filter out messages with certain file paths in them.

This line works:
regex(“EMSAgent.exe”, to_string($message.full_message)).matches == false

But this one, trying to add the folder paths does not (note that the GUI has big red X on the backslashes till I have 4 of them)…

regex(“MaaS360\\Cloud Extender\\EMSAgent.exe”, to_string($message.full_message)).matches == false

All insight is appreciated

Thanks

TP

shoothub · November 21, 2019, 7:41am

You are right, java regex requires four backslashes \\\\ to escape one backslash \

I tried your regex and it works for me:

rule "test"
when
    has_field("full_message") AND regex("MaaS360\\\\Cloud Extender\\\\EMSAgent.exe", to_string($message.full_message)).matches == true
then
    let debug_message = concat("maas: ", to_string($message.full_message));
    debug(debug_message);
    set_field("maas", "MaaS360");
end

system · December 5, 2019, 7:41am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regex in pipeline "when" not working Graylog Central (peer support) pipeline-rules , route-to-streampl	2	1830	February 7, 2018
Pipelines with regex and special character Graylog Central (peer support) pipeline-rules , regex-special-charac	6	5076	April 11, 2018
Wildcard Searching within Pipeline Rule Graylog Central (peer support) pipeline-rules	6	1248	March 11, 2019
Regex works in search but not in Stream Graylog Central (peer support) pipeline-rules	6	554	July 22, 2021
Regex in search bar is working but doesn't work in Pipeline rule Graylog Central (peer support) pipeline-rules	21	946	March 22, 2023

Pipeline Rule Filter Question

Related topics