Hi all, i’m creating a new custom data parsing rule and in the 3rd step you can choose to insert a filter (optional) in order to apply the extraction only on a subset of your log. I see that it can accept only plain word, not search expression used in the log search and not regex. Have anyone experienced this problem? Is there a solution or Rapid7 could implement this feature?
1 Like
From Rapid7 Support:
“Currently this is not supported for the Filter and what you have done so far in creating multiple rules is the way other customers have worked around this limitation and found success.
However I can confirm that based on feedback this is on the roadmap - they plan to update the filter to LEQL search which would include Regex.”
3 Likes