|
Description |
If event matches Condition set event fields by matching regular expression against existing fields, as specified by FieldNameRegExpList. |
|
|
|
|
Comments |
If source field in a FieldNameRegExpList triplet is unspecified or empty, do nothing. Otherwise, the regular expression will be matched against the source field. If a match is found, the destination field is set to the matched string. For each additional match, a new field is created, with the name of the destination field concatenated with a trailing number starting with one and incrementing for each match. For more information on Regular Expressions, please see Sun's regular expression patterns summary. |
<filter objectId="Filter.RegExp" type="RegularExpressionFilter"> <parameter type="Condition"> <negatePrimaryCondition>false</negatePrimaryCondition> <conditionRelation>Any</conditionRelation> </parameter> <parameter type="FieldNameRegExpList"> <FieldNameRegExpMatch> <!-- 0 to N of these --> <SrcFieldName>ev:msg</SrcField> <DestFieldName>ev:word</DestFieldName> <RegExp>"\b\S+\b"</regexpEventField> <!-- break into words --> </FieldNameRegExpMatch> </parameter> </filter>