joschi
commented
8 years ago @rockaut Thanks for reporting this!
We're probably not going to implement that feature. There are currently 2 workarounds for your problem in Graylog 2.x:
- Use the message processor pipeline and the
regex()function - Use Grok patterns
As we try to phase out extractors in a future release, I'd recommend using the message processor pipeline: http://docs.graylog.org/en/2.0/pages/pipelines.html
Expected Behavior
Implement matching groups for regex extractors as it's already implemented for GROK.
Current Behavior
Currently it's only possible to define one match and provide a fixed field for storing the value.
Your Environment