Patrick Mann

@Pearson-k Can you add some more details about expected versus observed behavior? Is a rule not being executed? Is it being executed but not producing the same results? Is the...

I don't see any difference in the backend. Hitting `Load message` issues a call to `system/pipelines/simulate`, which returns with the same JSON as in 5.2. However, the dropdown `More results`...

@maxstoyanov reports that the issue is no longer reproducible in more recent versions of GL. Additionally, we now automatically replace a "." character in the field name with "_".

In 5.2 we enhanced the simulator input box to accept either: - the message field, expressed as a string - a complete log message, expressed as key-value pairs or JSON...

The issue is due to #17464 which introduces "smart" parsing and escaping of KVPs. This looks like it is entirely in the FE - BE handling for rule simulation hasn't...

This was intended for 6.0.1 but was not backported. Re-opening for backport.

This still bothers me, every time I use API browser. Any chance for a UI change here?

This is due to #16196. While that flags some bad syntax, it was too broad and now prevents legal expressions. I commented out those 3 lines and was able to...

@saurabhsinghiam You should be able to extract the desired `SourceIP` from the backlog messages. Here is a lengthy discussion of that topic: https://community.graylog.org/t/problem-with-backlog-message/19083/16 Please be more specific: What does the...

@EvaZg Can you clarify requirements for this? I don't think it is about the quote character at all: You can already use tables without quotes (specify a dummy character as...