arrrg. forgot to escape the |.
On Monday, November 24, 2014 12:16:05 PM UTC-5, Billy F wrote:
>
> Need some grox help. I'm using groxdebug and I cannot figure out what I'm
> doing wrong here.
>
> Raw message:
>
> <166>raslogd: 2014/11/21-15:07:14, [SEC-1203], 6643, WWN
> 10:00:00:27:f2:9a:8d:7f | FID 128
>
> What I have so far for the parse......
>
> <%{INT:syslog_pri}>%{WORD:facility}:
> (?<TIMESTAMP>%{YEAR}/%{MONTHNUM}/%{MONTHDAY}-%{TIME}),
> \[(?<MSG_ID>%{WORD}-%{INT})\], %{INT:SEQUENCE}, WWN %{IPV6:WWN} |
> (?<FLAG>%{WORD} %{INT})
>
> Everything works fine until I get to the end "FID 128" and I get nothing
> but a null. Even if I just do %{WORD} to get "FID" it still give me a
> null value in groxdebug.
>
> I'm missing something basic here.
>
> Thanks,
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/fe41cbb3-1552-4b9a-ba39-fc59c1b0c403%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
