Match macros ($1, $2, ... $255) are temporary variables. You can use them for general purposes when operating with list-like items. For example, the match() filter stores capture group results in match variables when the store-matches flag is set, or the JSON parser produces match variables if the parsed JSON data is an array.

It is possible to set match variables in a single operation with the set-matches() rewrite function. set-matches() uses syslog-ng OSE list expressions to set $1, $2, ... $255, so it can be considered as a conversion function between syslog-ng OSE lists and match variables.

NOTE: To convert match variables into a syslog-ng OSE list, use the $* macro, which can be further manipulated using List manipulation, or turned into a list in type-aware destinations.

TIP: To reset match variables to be empty, use the unset-matches() rewrite rule.

Declaration

rewrite <name_of_the_rule> {
    set-matches("<list-expression or list-based template function>");
};

Example usage for the set-matches() rewrite function

In the following two examples, $1, $2, and $3 will be set to foo, bar, and baz, respectively.

Example using string:

rewrite {
    set-matches("foo,bar,baz");
};

Example using a list template function:

rewrite {
    set-matches("$(explode ':' 'foo:bar:baz')");
};

Updated: