Hi, I want to use a regular expression for search. I want to search for infected files in logs from an antimalware solution. The text is “Infected: /number of infected files/”
I read the help, but /[Ii]nfected…[1-9]+/ doesn't work. On the regex test page the text works.
Graylog 5.0.3+a82acb2 on Unknown (Eclipse Adoptium 17.0.6 on Linux 5.10.0-21-amd64)
Could you give us an example of the message in the field you are searching for? And the exact search you are trying to run? It would help us to give you a clearer answer.
Ah, I see. Regex queries require you to match the whole string, so you ideally wouldn’t want to use a regex query here. The ideal solution is to use pipelines to parse out your message into fields, with the end goal being to have ‘Infected’ as a field rather than a search term.
Once you parse it out, you can do queries like Infected:>0. It's much cleaner to do this kind of work at ingest time than at search time. This also means you can use it in visualisations too.