Need some grox help. I'm using groxdebug and I cannot figure out what I'm
doing wrong here.
Raw message:
<166>raslogd: 2014/11/21-15:07:14, [SEC-1203], 6643, WWN
10:00:00:27:f2:9a:8d:7f | FID 128
What I have so far for the parse......
<%{INT:syslog_pri}>%{WORD:facility}:
(?<TIMESTAMP>%{YEAR}/%{MONTHNUM}/%{MONTHDAY}-%{TIME}),
\[(?<MSG_ID>%{WORD}-%{INT})\], %{INT:SEQUENCE}, WWN %{IPV6:WWN} |
(?<FLAG>%{WORD} %{INT})
Everything works fine until I get to the end "FID 128" and I get nothing
but a null. Even if I just do %{WORD} to get "FID" it still give me a
null value in groxdebug.
I'm missing something basic here.
Thanks,
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/23230299-b877-4f24-a157-c5b2d4b246da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
