Filer by regex Name

  • What Grafana version and what operating system are you using?
    8.0.3

  • What are you trying to achieve?
    to filter field dat by regex by the way of transform fonctionnality

  • How are you trying to achieve it?
    creating a Dashbord with a simple lucene datasource

  • What happened?
    No regex substitution done

  • What did you expect to happen?
    The field msg should ytransform with my regex expersion

  • Can you copy/paste the configuration(s) that you are having problems with?
    here is the conf of my rename regex
    “id”: “renameByRegex”,
    “options”: {
    “regex”: “.exe=\"([a-zA-Z0-9_\/]+)\".”,
    “renamePattern”: “$1”
    }

here is the on part of the dataset generate :
p=PAM:setcred grantors=pam_env,pam_unix acct=“root” exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success devgraylog-esnode3.swmcloud.net

op=PAM:setcred grantors=pam_env,pam_unix acct=“root” exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success deves7-node3.swmcloud.net

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    no error

  • Did you follow any online instructions? If so, what is the URL?
    absolutly

May i know from where did you get below output :

“id”: “renameByRegex”,
“options”: {
“regex”: “. exe="([a-zA-Z0-9_/]+)". ”,
“renamePattern”: “$1”
}

Also, can you tell what string you are trying to override ?

Hi,
of course its from the export of the dashboard
here is one line i want to urename
2021-08-04 17:07:08 audit.log 66c8bec3-f546-11eb-b8bd-005056923327 graylog_606 [object Object] message 4294967295 local0 16 <133>2021-08-04T19:07:08.587488+02:00 deves7-node3.swmcloud.net audit.log type=CRED_DISP msg=audit(1628096828.586:120788870): pid=10569 uid=0 auid=4294967295 ses=4294967295 msg=‘op=PAM:setcred grantors=pam_env,pam_unix acct=“root” exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success’ 1155 01FC92455C97TW69JE1M8DB5MS 10.64.13.16 51329 5e00c9b7f4595f229bc22314 866f3b01-ad3e-4f47-be05-86ff158ae737 [object Object] 5 deves7-node3.swmcloud.net audit.log type=CRED_DISP msg=audit(1628096828.586:120788870): pid=10569 uid=0 auid=4294967295 ses=4294967295 msg=‘op=PAM:setcred grantors=pam_env,pam_unix acct=“root” exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success’ op=PAM:setcred grantors=pam_env,pam_unix acct=“root” exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success 10569 deves7-node3.swmcloud.net audit.log type=CRED_DISP msg=audit(1628096828.586:120788870): pid=10569 uid=0 auid=4294967295 ses=4294967295 msg=‘op=PAM:setcred grantors=pam_env,pam_unix acct=“root” exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success’ 4294967295 1628096828587,28 deves7-node3.swmcloud.net 1 CRED_DISP 0

I also update the regexp with this value (.)(msg=’.)(exe=)([a-zA-Z0-9_/\"]+).*(res=)([\w]+)’