krakw
(Jérémy DUPEU)
1
Hi,
Seems that I’m not the only one struggling with regex that works on regex101.com and don’t in Graylog (https://community.graylog.org/t/regex-works-on-regex101-com-but-not/13272), but even after trying to escape twice the “\d”, it still doesn’t match!
Please find the input string : [mux_input 632] [encaps] dropping late packet (0 ms)
And the working regex on regex101 : \d+(?:[,.]\d+)?
(I’m trying to get “632”).
This one doesn’t match anything in Graylog, doubling the escape doesn’t match either : \d+(?:[,.]\d+)?
Would you have any idea what’s the issue here?
Thanks!
jan
(Jan Doberstein)
2
he @krakw
Graylog is Java and regex101 is not a Java regex tester …
This is a better tool for java regex: https://www.freeformatter.com/java-regex-tester.html
But, your regex is working - the question is, where did you want to use that? Extractors or Pipeline or Streamrules or alerting or search?
krakw
(Jérémy DUPEU)
3
Hi Jan,
Thanks a lot for your reply.
Understood for the java vs nonjava tester.
I want to use this regex in a extractor !
jan
(Jan Doberstein)
4
He @krakw
total different, but working …
^\[\S+?\s+(\d+)\]
krakw
(Jérémy DUPEU)
5
Thanks a lot @jan!
Any idea why it wouldn’t work with the other regex?
Thanks again for your help
