Pipeline rule, multiple values using regex function return an empty table

piellick · January 17, 2019, 4:22pm

Hi @macko003 thanks for your help …

It has the taste of a bug

last test (i tested with the “matches” on when condition too but without result) :

rule "Generic REGEX quote extractor"
when
    true
then
debug ($message.syslog_message);
let result = regex("\'.*?\'",to_string($message.syslog_message));
debug (result);
set_fields(result);
end

Debug() output:

2019-01-17 16:18:21,607 INFO : org.graylog.plugins.pipelineprocessor.ast.functions.Function - PIPELINE DEBUG: start archive cleaner on channel '2025279_multi'|#phanes,ott,support,local4
2019-01-17 16:18:21,607 INFO : org.graylog.plugins.pipelineprocessor.ast.functions.Function - PIPELINE DEBUG: {}
2019-01-17 16:18:21,611 INFO : org.graylog.plugins.pipelineprocessor.ast.functions.Function - PIPELINE DEBUG: start purge channel '2025279_multi' from '1' (1970-01-01 00:00:01) to '1547741586' (2019-01-17 16:13:06)|#phanes,ott,support,local4
2019-01-17 16:18:21,611 INFO : org.graylog.plugins.pipelineprocessor.ast.functions.Function - PIPELINE DEBUG: {}

Regex() is still catching nothing …

Topic		Replies	Views
Pipeline rule, multiple values using regex function, only possible to return value ["0"] Graylog Central (peer support) pipeline-rules , debuggingpl	2	2238	April 27, 2020
Need some help with regex in pipeline rule Graylog Central (peer support) pipeline-rules	2	2767	July 7, 2023
Graylog pipeline regex multi match Graylog Central (peer support) pipeline-rules	5	4851	July 15, 2020
Pipelines and regex (and some extractor talk) Graylog Central (peer support) regex-special-charac	6	876	July 11, 2023
Issue with regex-array in pipeline-rule Graylog Central (peer support) pipeline-rules	3	1489	May 8, 2020

Pipeline rule, multiple values using regex function return an empty table

Related topics