Im trying to implement a simple grok pattern based on the standard grok
patterns from the logstash repo, but I get all sorts of extra fields in my
messages. At first i was confused, but then I figured out it was the
normally discarded sub-patterns.
For example I have a grok pattern like this:
%{USER:Proto}
which uses a pattern called USER and then finally USERNAME like this:
USER%{USERNAME}
USERNAME [a-zA-Z0-9_-]+
So in my messages I have the Proto field, and the USER field. Normally if a
grok pattern doesnt have a name, it gets discarded, but in Graylog 1.0.0 it
gets the default name of the field instead. This quickly adds up ALOT of
irrelevant fields when using alot of sub-patterns. It doesnt really break
anything, but it clutters the field list with redundant and confusing
fields.
Any work-arounds?
Will this be fixed? should I create a ticket?
Brgds.
Martin
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
