Hello!
Is there a way to do things like this with Graylog?
    grok {
      break_on_match => true
      match => [
        "message", "<%{POSINT:syslog_pri}>1 %{TIMESTAMP_ISO8601:syslog_time} %{SYSLOGHOST:hostname} (?<message_program>[a-zA-Z0-9\-]+) [\- ]+ %{TIMESTAMP_ISO8601:@timestamp} %{LOGLEVEL:message_loglevel} (?<message_body>(?<message_syslog>.*))",
        "message", "<%{POSINT:syslog_pri}>1 %{TIMESTAMP_ISO8601:syslog_time} %{SYSLOGHOST:hostname} (?<message_program>[a-zA-Z0-9\-]+) [\- ]+ %{TIMESTAMP_ISO8601:@timestamp} (?<message_body>(?<message_syslog>.*))",
        "message", "<%{POSINT:syslog_pri}>1 %{TIMESTAMP_ISO8601:syslog_time} %{SYSLOGHOST:hostname} (?<message_program>[a-zA-Z0-9\-]+) [\- ]+ (?<message_body>(?<message_syslog>.*))",
        "message", "(?<message_body>(?<message_debug>.*))"
      ]
    }
That is, test several patterns on a message, like Logstash.
I'd like to do everything with Graylog and delete my Logstash instances.