Hi, I did it, it is on the second picture.
I’ve attached the picture. Cheers, Zsolt -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Edmundo Alvarez Sent: Wednesday, October 21, 2015 2:23 PM To: [email protected] Subject: Re: [graylog2] grok pattern not working Hi Zsolt, That is only one part of it, you first need to create Grok patterns in System -> Grok patterns. You can create them by hand or import a file including the most common ones. Regards, Edmundo > On 21 Oct 2015, at 12:57, Osztrovszky Zsolt > <[email protected]<mailto:[email protected]>> wrote: > > Yes. > Like this: > <image001.png> > <image002.png> > > Cheers, > Zsolt > > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of Jochen Schalanda > Sent: Tuesday, October 20, 2015 4:03 PM > To: Graylog Users > <[email protected]<mailto:[email protected]>> > Subject: [graylog2] Re: grok pattern not working > > Hi Zsolt, > > did you add the required Grok patterns to your Graylog system? > > > Cheers, > Jochen > > On Tuesday, 20 October 2015 12:56:17 UTC+2, Zsolt Osztrovszky wrote: > Hello Guys! > I'd like to setup an extractor with Grok pattern. > This is my sample message and pattern: > 10.10.1.1 - - [13/Oct/2015:17:19:54 +0200] "GET /1111/ed98/561/this.m3u8 > HTTP/1.1" 200 388 "http://10.1.1.1/hls.php?o=1111&p=2kV&t=BASE64"; > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, > like Gecko) Version/9.0 Safari/601.1.56" 3878 6090 ed98b > > pattern: > %{IP:remote_addr} > > If I push try, it says: Attention We were not able to run the grok > extraction. Please check your parameters. > > What am I doing wrong? > Thanks. > Cheers, > Zsolt > -- > You received this message because you are subscribed to a topic in the Google > Groups "Graylog Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/graylog2/KBn38OfLyUc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]<mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/ab9539b3-7c11-4665-a6f4-f6c092a2b690%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > > FIGYELMEZTETÉS: > "Ez az e-mail bizalmas információkat tartalmaz kizárólag a címzett(ek) > számára. Amennyiben Ön nem címzettje ennek az e-mail-nek, felhívjuk figyelmét > arra, hogy az e-mail tartalmának közzététele, másolása, illetéktelenek > számára való továbbítása, megőrzése vagy bármilyen hasonló tevékenység tilos > és törvénybe ütköző." > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > [email protected]<mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/20813E38516D75429744E7A4B8B656FF02549D446D38%40PETZCMSVS01.intra.ahrt.hu. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to a topic in the Google Groups "Graylog Users" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/graylog2/KBn38OfLyUc/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/54996BA5-68DF-4F96-9B61-6B8DFEA621F6%40graylog.com. For more options, visit https://groups.google.com/d/optout. ________________________________ FIGYELMEZTETÉS: "Ez az e-mail bizalmas információkat tartalmaz kizárólag a címzett(ek) számára. Amennyiben Ön nem címzettje ennek az e-mail-nek, felhívjuk figyelmét arra, hogy az e-mail tartalmának közzététele, másolása, illetéktelenek számára való továbbítása, megőrzése vagy bármilyen hasonló tevékenység tilos és törvénybe ütköző." -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/20813E38516D75429744E7A4B8B656FF02549D446DA1%40PETZCMSVS01.intra.ahrt.hu. For more options, visit https://groups.google.com/d/optout.
