Hi Daniel, that's a bug in the extractor and I've just created a ticket for it on GitHub: https://github.com/Graylog2/graylog2-server/issues/1083
Thanks for reporting this!

Cheers,
Jochen

On Tuesday, 31 March 2015 10:41:21 UTC+2, Daniel Kamiński wrote:
>
> Hi
> I was trying to optimize my sonicwall extractors by switching to k=v
> extractor instead of using regex to extract fields, log format is as
> follows:
> id=firewall sn=xxxxxxxxxxxxx time="2015-03-31 08:18:18 UTC" fw=a.b.c.d
> pri=6 c=1024 m=97 n=3902070 src=ip:port:iface:hostname
> dst=ip:port:iface:hostname proto=tcp/http op=GET sent=1286 rcvd=2129
> result=200 dstname=googleads.g.doubleclick.net arg=/http/args code=64
> Category="Not Rated"
> and only Category and time fields are extracted to graylog fields. Am I
> doing something wrong? (it's second extractor in the queue, the first just
> copies gl2_remote_ip to source field). Is it any kind of standard,
> expected behaviour in graylog? I haven't found any relevant issue on
> graylog's github issue tracker and I'm not sure I should file one.
