Solved: Host_Regex not working

edwardrose · ‎09-09-2015

Hello All,

I know that there are lots of questions for host_regex not working. Here is mine.

[monitor:///var/log2/gns/nac/log*]
_TCP_ROUTING = gns_core_indexers
host_regex = /log\_/gm
index = remoteaccess
sourcetype = Aruba:CPPM:Syslog

And the files in the nac directory look very similar to below

log_svr-orw-nac-01
log_svr-cop-nac-04
log_svr-hop-nac-02

So I am not to sure why the regex isn't just removing the log_ and leaving the rest as the host name.

thanks
ed

richgalloway · ‎09-09-2015

The host_regex attribute needs a capturing group. It's not clear what you want the regex to do, but perhaps this will get you started.

HOST_REGEX = log_(.*)

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎09-09-2015

The host_regex attribute needs a capturing group. It's not clear what you want the regex to do, but perhaps this will get you started.

HOST_REGEX = log_(.*)

---
If this reply helps you, Karma would be appreciated.

edwardrose · ‎09-09-2015

Thanks that worked like a charm. I am not a very good regex person 🙂

Host_Regex not working