Regexing error only in pipelines

oidz1234 · November 28, 2018, 4:29pm

Hallo,

I am trying write a pipeline to match a field in a log message.

I have confirmed the regex works by using the extractor regex tester. However I would rather a pipeline then an extractor.

I am getting many errors in the below:
rule “function match phonenum”

when
has_field("api_call")

then

let tg_message = to_string($message.message)

let g_message = regex("phonenum\/(.*)\?", $tg_message);

I am trying to match any number of characters after the string “phonenum” up to a literal “?” However the pipeline editor is throwing many token condition errors.

Once again I have verified that the regex works using the extractor functionality. So I assume my regex function syntax must be incorrect. Is anyone able to help ?

Thanks !

oidz1234 · November 29, 2018, 10:46am

Managed to solve this, I had to format the regex as a “Java string”

Before "phonenum\/(.*)\?"
after "phonenum\\/(.*)\\?"

system · December 13, 2018, 10:46am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipelines and regex (and some extractor talk) Graylog Central (peer support) regex-special-charac	6	757	July 11, 2023
Issue with parsing regex expression in pipelines Graylog Central (peer support) pipeline-rules , regex-special-charac , jsonfblx	8	272	January 17, 2024
Need some help with regex in pipeline rule Graylog Central (peer support) pipeline-rules	2	2162	July 7, 2023
Issue with regex-array in pipeline-rule Graylog Central (peer support) pipeline-rules	3	1472	May 8, 2020
Regex Matching in Pipeline or Extractor Graylog Central (peer support)	18	2208	January 31, 2023

Regexing error only in pipelines

Related topics