I've set up some simple Grok extractors and tested that they match against
a sample of input messages in the Graylog interface, but when further
messages come in the extractors do not seem to "kick in", and the
additional fields that I see on other inputs with similar extractors don't
get added on. This was working at some point, but I deleted and recreated
the extractors for some reason I've now forgotten.
An example Grok pattern:
%{HOSTNAME:source_unit} diskmonitor\:%{GREEDYDATA:UNWANTED}partition %{WORD:partition} has only %{POSINT:percent_free}
And an example input message:
ip-10-244-63-14 diskmonitor: 011d0004:3: Disk partition var has only 12% free
Below is an example of a message that came in after I updated the extractor:
<https://lh3.googleusercontent.com/-oOBgb_GIh6Y/V6C0dC1Y9rI/AAAAAAABbLo/msGSMURNm7E1EcNYEjRpud7rtJF1V16CwCLcB/s1600/Capture.PNG>
I can't figure out what's going on here. Am I missing something obvious?