For anyone who was wondering how to do this, I was able to do it with a "Replace with regular expression" Extractor
On Friday, July 8, 2016 at 9:09:19 AM UTC-4, Steve Kuntz wrote: > > Hi, > > I have a message like below and I would like to extract the > lat=111&long=222 into a single field that I use the geolocation world map > on like 111,222. I've tried pipelines but have been unsuccessful trying to > concatenate the 2 together into a single field. Would a drool be required? > Anyone have any suggestions on how to do this another way? > > 2016-07-08 13:01:54 W3SVC1 <servername> 10.10.205.166 GET > /api/searchv2/get.html > lat=42.8901&long=-79.1545&gpsAcc=23.0&userId=6a5fca84-e349-43e2-9e3d-dc6c700169cf&aamId=80049289624172739820731487445857674393&ts=1467982916625&osadis=f8dbb865-35de-4d38-8707-b44ae7bf2e9f&type=f&platform=ANDROID&idtype=HARDWARE_ANDROID_AD_ID > > 443 - 104.224.105.37 HTTP/1.1 > Dalvik/2.1.0+(Linux;+U;+Android+5.0.1;+SGH-I337M+Build/LRX22C) - - <url> > 200 0 0 273 435 578 > > Thanks > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/dfd41ff0-2f43-4f4c-b9b7-778a031f4f21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
