Hi Matthew,
what exactly does "not working" mean? What kind of message are you trying
to match with this grok pattern? Did you import or create all referenced
grok patterns in Graylog?
Additionally there might be a problem with the "timestamp" field if it
doesn't match the timestamp format used by Graylog.
Cheers,
Jochen
On Tuesday, 1 December 2015 09:05:08 UTC+1, Matthew Simon wrote:
>
> Hi Guys
>
> Maybe someone can point out where I'm going wrong with my Grok pattern here?
>
> (?:%{SYSLOGTIMESTAMP:timestamp}|%TIMESTAMP_ISO8601:timestamp8601})(?:%{SYSLOGHOST:logsource})
>
> (?:%{YEAR}): (?:%{MONTHNUM}):(?:%{MONTHDAY})-
> (?:%{HOUR}):(?:%{MINUTE}):(?:%{SECOND})
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
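The two checks raised in the reply (are all referenced grok patterns present, and does the expression write to the "timestamp" field) can be run mechanically over an expression before it is saved as an extractor. The following is an added example, not part of the original thread and not Graylog code; `lint_grok` is a hypothetical helper and `INSTALLED` is a constructed stand-in for the pattern names present on the server.

```python
import re

# Well-formed grok reference: %{NAME} or %{NAME:field}
REF = re.compile(r"%\{(\w+)(?::([^}]*))?\}")
# A leftover '%' followed by a pattern-like name: a reference that did not parse
BAD = re.compile(r"%\{?[A-Za-z_]\w*")


def lint_grok(expr, installed):
    """Check one grok expression against a set of installed pattern names."""
    names, fields = [], []

    def blank(m):
        names.append(m.group(1))
        if m.group(2):
            fields.append(m.group(2))
        return " " * len(m.group(0))  # hide the parsed reference, keep length

    rest = REF.sub(blank, expr)
    return {
        "referenced": names,
        "missing": sorted(set(names) - set(installed)),
        "malformed": BAD.findall(rest),
        # The reply notes that a "timestamp" field must match Graylog's format.
        "writes_timestamp": "timestamp" in fields,
    }


# The first pattern from the quoted message, copied verbatim.
EXPR = (r"(?:%{SYSLOGTIMESTAMP:timestamp}|%TIMESTAMP_ISO8601:timestamp8601})"
        r"(?:%{SYSLOGHOST:logsource})")
# Constructed sample: pattern names assumed to be installed on the server.
INSTALLED = {"SYSLOGTIMESTAMP", "TIMESTAMP_ISO8601", "YEAR", "MONTHNUM"}

if __name__ == "__main__":
    for key, value in lint_grok(EXPR, INSTALLED).items():
        print(f"{key}: {value}")
```
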