Regex to find if a field exists

akankshajpr · July 9, 2019, 10:46am

Hi All,

I am trying to write a pipeline rule in which I’ve to check if a field exists with a particular regex pattern. Is there any way I can do it? Usually, we use has_field() if when we know the exact key. In this case, we don’t. For e.g. I’ve to filter all the messages which have one of the following fields:
filesystem.asd
filesystem.add
filesystem.wer

I need to write something like:
rule “filesystem_new”
when
has_field(“filesystem.*”)

Please let me know how can this be done.

jan · July 9, 2019, 12:27pm

this is not possible.

You might want to create a future request over in github for that: https://github.com/Graylog2/graylog2-server/issues

system · July 23, 2019, 12:27pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
NOT has_field in pipeline rules Graylog Central (peer support) pipeline-rules , route-to-streampl , debuggingpl	4	2375	December 10, 2019
Matching Field Contents with Regex (Pipeline Processing) Graylog Central (peer support)	7	6716	October 26, 2017
Problem with pipeline rule Graylog Central (peer support) pipeline-rules	1	418	September 9, 2020
Graylog Remove Field That Matches Regular Expression Graylog Central (peer support)	6	1189	August 27, 2019
Has_field() not working Graylog Central (peer support) pipeline-rules	4	276	May 30, 2024

Regex to find if a field exists

Related topics