I am attempting to create a Pub/Sub log sink on GCP. Ideally, my Audit Log filter would pick up any CSV files in a specific GCS path, which is given in the logs as protoPayload.resourceName
when an object is uploaded, the path looking like projects/_/buckets/<bucket_name>/objects/<path>/<to>/test.csv
*. The file I'm dropping in the path is called test.csv
, and the following regex audit log query (i.e. the exact file name) works at picking the upload event up:
protoPayload.resourceName =~ "projects/_/buckets/<bucket_name>/objects/<path>/<to>/test.csv"
however, the following actual regex wildcarding is not picking it up. Any help is appreciated.
protoPayload.resourceName =~ "projects/_/buckets/<bucket_name>/objects/<path>/<to>/*.csv"
*<bucket_name>
and /<path>/<to>/
are correctly passed with their real values in query
CodePudding user response:
Try ading . before the wildcard (.*)
jsonPayload.resourceName =~ "projects/_/buckets/test_bucket/objects/paht/to/.*.csv"
Tried to recreate on my end and it works well.
Sample query i used:
jsonPayload.resourceName =~ "projects/_/buckets/test_bucket/objects/paht/to/.*.csv"
jsonPayload.resourceName =~ "projects/_/buckets/test_bucket/objects/paht/to/sample1.*.csv"
jsonPayload.resourceName =~ "projects/_/buckets/test_bucket/objects/paht/to/test.*.csv"
Let me know if this helped you.