Enhancement: groupunset: allow for regex

[faxm0dem]

It would be useful to enable regex matching in groupunset, e.g.:

rewrite {
  groupunset(
    values('^foo')
    type(pcre)
  );
};

[furiel]

If only the prefix is the use case here, you can solve it without regex: you can use aa* instead of ^aa.

@version: 3.11
@include "scl.conf"

source s_network {
    tcp(port(10514));
};

rewrite set_vars {
    set("aaaa", value("aaaa"));
    set("aabb", value("aabb"));
    set("bbaabb", value("bbaabb"));
    set("bbbb", value("bbbb"));
    groupunset(values("aa*"));
};

destination d_local {
    file("/tmp/bbb" template("values: ${aaaa}, ${aabb}, ${bbaabb}, ${bbbb}\n"));
};

log {
    source(s_network);
    rewrite(set_vars);
    destination(d_local);
};

produces values: , , bbaabb, bbbb for me.

[faxm0dem]

My use-case was to avoid multiple groupunsets for ^(foo|bar|baz)

[alltilla]

I am a bit late, but values() accept string-list, that might work for your needs. Not full regex support, but a bit more than multiple groupunset()s.

@version: 3.25
@include "scl.conf"

source s_test {
  example-msg-generator();
};

rewrite r_groupunset {
  set("foo1", value("foo1"));
  set("bar2", value("bar2"));
  set("baz3", value("baz3"));
  set("test", value("test"));
  groupunset(values("foo*" "bar*" "baz*"));
};

destination d_local {
  file("/dev/stdout" template("${foo1}, ${bar2}, ${baz3}, ${test}\n"));
};

log {
  source(s_test);
  rewrite(r_groupunset);
  destination(d_local);
};

output:

$ ./sbin/syslog-ng -F 
, , , test

Cheers!