Stream alert regex help

phoeneous · June 12, 2017, 2:41pm

Hello. I’ve created an extractor for one of my fields however when trying to search for terms within that field my searches are failing.

I can search for my extractor field named ‘fv_response’ like this and I can see the messages fine:

fv_response:"INFO - Response: {\"success\":false",\"errorCode\":2,\"message\":\"Invalid"

However when I try to search for just up to the word false I get no results. I’ve tried

fv_response:"INFO - Response: {\"success\":false."
fv_response:"INFO - Response: {\"success\":false.*"
fv_response:"INFO - Response: {\"success\":false.+*"

What is the correct syntax for searching for anything after the word false? Thank you.

jan · June 12, 2017, 6:09pm

please refer to the streams documentation.

phoeneous · June 12, 2017, 6:32pm

I have, and that documentation doesnt help me. Can you provide examples please?

system · June 26, 2017, 6:33pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to find by substring Graylog Central (peer support) windows	6	2105	March 14, 2023
Regex Search in message / Chars like ", ==, <=, etc / Problem Graylog Central (peer support)	5	1117	October 14, 2019
Searching stream for asterisk in message Graylog Central (peer support)	3	1458	December 14, 2018
How to search for messages that starts with [ Documentation Campfire	11	26323	June 7, 2023
Regex search in message field Graylog Central (peer support)	4	1472	February 23, 2021

Stream alert regex help

Related topics