Directly named fields are the usual way as I understand it. So only the fields you mention in your high level pattern make it to the message.

As I understand, I can use the UNWANTED field to discard the field now? I will try and do that for the subpatterns.

On Wednesday, 22 April 2015 00:39:19 UTC+2, Kay Röpke wrote:
>
> We are aware of this issue and hope to fix it in 1.1.0, however there are
> lots of things scheduled and it might slip to 1.2.0.
>
> It would help to know whether you need to select specific fields or if you
> only want directly named fields to appear in the final extraction.
> On Apr 21, 2015 4:08 PM, "Martin René Mortensen" <[email protected]> wrote:
>
>> It looks like it could be ticket 904. I hope so, then it's slated for
>> 1.1.0 :)
>>
>> https://github.com/Graylog2/graylog2-server/issues/904
>>
>> On Tuesday, 21 April 2015 16:03:12 UTC+2, Martin René Mortensen wrote:
>>>
>>> I'm trying to implement a simple grok pattern based on the standard grok
>>> patterns from the logstash repo, but I get all sorts of extra fields in my
>>> messages. At first I was confused, but then I figured out it was the
>>> normally discarded sub-patterns.
>>>
>>> For example I have a grok pattern like this:
>>>
>>> %{USER:Proto}
>>>
>>> which uses a pattern called USER and then finally USERNAME like this:
>>>
>>> USER %{USERNAME}
>>>
>>> USERNAME [a-zA-Z0-9_-]+
>>>
>>> So in my messages I have the Proto field, and the USER field. Normally
>>> if a grok pattern doesn't have a name, it gets discarded, but in Graylog
>>> 1.0.0 it gets the default name of the field instead. This quickly adds up
>>> A LOT of irrelevant fields when using a lot of sub-patterns. It doesn't really
>>> break anything, but it clutters the field list with redundant and confusing
>>> fields.
>>>
>>> Any work-arounds?
>>>
>>> Will this be fixed? Should I create a ticket?
>>>
>>> Brgds.
>>> Martin
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "graylog2" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
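The two extraction behaviours discussed in this thread, as an added example that is not part of the original messages and not Graylog's code: a simplified model of grok expansion in which `compile_grok`, `extract`, the `named_only` switch and the sample message `tcp` are constructed for illustration. Dropping fields named `UNWANTED` models the workaround asked about in the latest reply and is an assumption here.

```python
import re

# Pattern library from the thread (USER and USERNAME as quoted there).
PATTERNS = {
    "USERNAME": r"[a-zA-Z0-9_-]+",
    "USER": r"%{USERNAME}",
}
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{NAME} or %{NAME:field}


def compile_grok(expr, named_only):
    """Expand grok references into one regex plus a group-to-field map.

    named_only=False models the behaviour reported in the thread: a
    reference without a field name is captured under the pattern's own name.
    named_only=True keeps only references that carry an explicit field name.
    """
    groups = {}  # regex group id -> output field name

    def expand(match):
        name, field = match.group(1), match.group(2)
        body = REF.sub(expand, PATTERNS[name])  # recurse into sub-patterns
        if field is None and named_only:
            return f"(?:{body})"  # matched, but never becomes a field
        gid = f"g{len(groups)}"
        groups[gid] = field or name
        return f"(?P<{gid}>{body})"

    return re.compile(REF.sub(expand, expr)), groups


def extract(expr, message, named_only, drop=("UNWANTED",)):
    """Return the fields a message would gain from the grok expression."""
    regex, groups = compile_grok(expr, named_only)
    m = regex.search(message)
    if m is None:
        return {}
    fields = {groups[g]: v for g, v in m.groupdict().items() if v is not None}
    # Assumed workaround: anything captured as UNWANTED is discarded.
    return {k: v for k, v in fields.items() if k not in drop}


if __name__ == "__main__":
    print(extract("%{USER:Proto}", "tcp", named_only=False))  # extra field
    print(extract("%{USER:Proto}", "tcp", named_only=True))   # Proto only
```
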
