I've seen this happen to me a few times, and its usually one of the following:
*) the search result I'm currently looking at doesn't contain any messages that would have matched those fields. The search tool only lists fields that appear in the current search result. IE, if I do a search for 'dhcp' and then look at the search tool, the dhcp-related fields are there, but the radius-related fields are not. If I do a search for '*' then the fields are all there as long as each field appears at least once in the result set. *) the extracted variables are not on the input through which that set of messages arrived. My graylog has 6 different inputs (2 gelf, 2 tcp, 2 udp) and I have to place the desired extractor on all inputs where that content might arrive. Find a message that should have displayed such fields, and compare the input it arrived on with the input where you created the extractor, and they're often different (because some admin decided to change their syslog configuration and are now sending their messages to an unexpected input.) On Wed, Feb 3, 2016 at 10:06 AM, Roger Guzman <[email protected]> wrote: > I have created several extractors and the same work correctly (attached > image), but the fields created are not shown in the search tab. Has anyone > had the same problem? > --- > He creado varios extractores y los mismos funcionan correctamente (adjunto > la imagen), pero los campos creados no se muestran en el tab search. > ¿Alguien ha tenido el mismo inconveniente? > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/d35609e2-d654-4549-bb07-b945c6cf0945%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/d35609e2-d654-4549-bb07-b945c6cf0945%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- No matter what we think of Linux versus FreeBSD, etc., the one thing I really like about Linux is that it has Microsoft worried. Anything that kicks a monopoly in the pants has got to be good for something. - Chris Johnson -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAL5rfGU%3DqVRJZazBkHiG-caq2yPcqR6P%3D%2BpSehp0JVfy_C_RTg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
