Merge pull request #41 from galex505/v4

chore: clarify Regex baselining
NextronSystems · Aug 13, 2024 · 09d0601 · 09d0601
2 parents af28558 + ab6b85d
commit 09d0601
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/baselining/case-creation1.rst b/baselining/case-creation1.rst
@@ -182,7 +182,10 @@ removed from the log management view.
 
 .. warning:: 
    It is recommended to use regular expressions only rarely and with
-   caution. This feature can severely impact the performance of the system.
+   caution. This feature can severely impact the performance of the system. Regex from cases will be applied to every single event on import.
+
+Elasticsearch uses Apache Lucene's regular expression engine to parse these queries. Please take a look at the Elasticsearch manual for further information about the regular expression syntax:  
+https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html
 
 ChatGPT Integration
 ^^^^^^^^^^^^^^^^^^^
@@ -281,4 +284,4 @@ bottom.
 .. figure:: ../images/cockpit_event-anon-rule.png
    :alt: Event Anonymization Rule
 
-   Event Anonymization Rule
+   Event Anonymization Rule