Closed cdino closed 8 years ago
kroepke
commented
8 years ago The .matches attribute is a boolean that tells whether the regex matched or not. It is not the complete match of the regex.
The matcher groups are available via the [] operator, please see the unit test for the regex function.
The documentation is sorely lacking, so I'll keep this issue open for that purpose.
cdino
commented
8 years ago Great.. Thanks for the information. So i tested this..
rule "nidconv"
when
true
then
let nid = regex("~?c(\\d+)-(\\d+)c([0-2])s(\\d|1[0-5])n([0-3])", "c2-0c1s1n1");
set_field("conv_nid", nid["0"]);
endand works!
So the issue is that he is unable to find the "cname" field in the JSON message. {"cname":"c5-0c0s1n1"}, does $message.cname not exist? which is the correct field path?
thx
kroepke
commented
8 years ago What codec did you choose?
If GELF, then the plain JSON you pasted is not valid GELF, please see: http://docs.graylog.org/en/latest/pages/gelf.html#example-payload
cdino
commented
8 years ago I was trying JSON, but i just tested GELF with the following:
{"version": "1.1", "host": "lcg.cscs.ch", "short_message": "Cray cname", "full_message": "this is a Cray cname", "cname": "c2-0c0s1n1"}
with the following pipeline script:
rule "nidconv"
when
has_field("cname")
then
let nid = regex("~?c(\\d+)-(\\d+)c([0-2])s(\\d|1[0-5])n([0-3])", to_string($message.cname));
set_field("conv_nid", nid["0"]);
endand works, i was able to extract the group. Now i just have to wait the mathematical operators to complete my function! Thanks
Problem description
I'm testing the pipeline processor but I'm facing some issues The pipeline processor is not matching a string (Cray cnames) like c5-0c0s1n1 using the regex function. I'm using the same regex on some extractors and is working fine.
I'm using the simulator in JSON format, just passing
{"cname":"c5-0c0s1n1"}and for debugging im using a new field with the boolean converted to string as content.What I'm doing wrong
Environment