Pipeline rule to capture a set of servers. Having trouble with the \d Numerical part.

rule “Detect CAS Servers”
when
regex("\b(cb|sl)-srv-cas\d*\b", to_string($message.HostName)).matches == true
end

Fails due to the \d*

regex("\b(cb|sl)-srv-cas(1|2)\b", to_string($message.HostName)).matches == true

(1|2) Would achieve what I need but wanted to check on the support of /d.

if single \ fail - double escape that …

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.