I use graylog 2.0 (http://docs.graylog.org/en/2.0/pages/queries.html) and it's super useful.
I want to refine my full_message search. Currently I'm:
- searching graylog for all full_message occurrences of the start of the string
- I then export this to excel
- Split the text (text to columns)
- Apply an autofilter
- Filter for any times > 20
search pattern:
full_message: "Running queue with*"
search text:
Network Queue: Running queue with id: dd82c225-fab7-44ce-9618-67d1ef332a03 and 1 items
Network Queue: Running queue with id: dd82c225-fab7-44ce-9618-67d1ef332a03 and 5 items
Network Queue: Running queue with id: dd82c225-fab7-44ce-9618-67d1ef332a03 and 25 items
Network Queue: Running queue with id: dd82c225-fab7-44ce-9618-67d1ef332a03 and 200 items
I'm wondering if a better reg search could just list any record with items > 20.
e.g. the search string would be
full_message: "Running queue with [insert better regex here]"
Thanks
You can use the pattern
Running queue with id: \S+ and (?:\d{3,}|[3-9]\d|2[1-9])
The final group there allows for either:
\d{3,} Any number with three or more digits, or
[3-9]\d Any number 30-99, or
2[1-9] Any number 21-29
https://regex101.com/r/ctLvQD/1
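A check of the pattern above against messages shaped like the ones in the question, for every count from 0 to 1000, as an added example that is not part of the original answer. It runs the pattern with Python's `re` module rather than Graylog's query engine, and `line_for`, `matches`, `mismatches` and `extract_count` are hypothetical helper names.

```python
import re

# Pattern from the answer, unchanged.
PATTERN = re.compile(r"Running queue with id: \S+ and (?:\d{3,}|[3-9]\d|2[1-9])")

# Constructed sample prefix, modelled on the messages in the question.
PREFIX = ("Network Queue: Running queue with id: "
          "dd82c225-fab7-44ce-9618-67d1ef332a03 and ")


def line_for(count):
    """Build a constructed log line carrying the given item count."""
    return f"{PREFIX}{count} items"


def matches(line):
    """True when the answer's pattern is found anywhere in the line."""
    return PATTERN.search(line) is not None


def mismatches(limit=1000, threshold=20):
    """Counts in [0, limit] where the regex disagrees with count > threshold."""
    return [n for n in range(limit + 1)
            if matches(line_for(n)) != (n > threshold)]


def extract_count(line):
    """Parse the count as an integer, so the comparison is done numerically."""
    m = re.search(r"Running queue with id: \S+ and (\d+) items", line)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    # Boundary values around each alternative in the final group.
    for n in (1, 5, 20, 21, 25, 29, 30, 99, 100, 200):
        print(n, matches(line_for(n)))
    print("disagreements 0..1000:", mismatches())
    # A zero-padded count has three digits, so the \d{3,} branch accepts it.
    print("zero-padded '020' matches:", matches(line_for("020")))
    print("parsed numerically:", extract_count(line_for("020")))
```

The regex agrees with `count > 20` for every unpadded count in the range; a zero-padded value such as `020` is the one shape where the digit-count branch and the numeric value diverge.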