Hi there I have a whole bunch of extractors and in general they work just fine. However, I was just doing a search and got a surprising result back, and when I dug into it discovered events that a month-old extractor should have run on had failed to do so. ie I have extractors that create new fields, and identical records do not trigger the same field creation.
If I manually load such a "skipped" event into the extractor wizard, it demonstrates that it wants to extract the field - but in reality had failed to do so There's no evidence of a load problem, and the extractors are definitely working - just not 100% of time... What could be behind this inconsistency? Could it be previous extractors? Frankly I'm not even sure what happens - if "extractor 3" matches, does "extractor 7" still get compared? This is CentOS-7, with graylog-server-2.0.2-1/elasticsearch-2.3.3-1 Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAFChrgJPYheNn3PEx-ojs-%2BxUs_HTiAdA9B79xo4UDjrXAeVvQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
