Hi Markus On Tuesday, 30 August 2016 11:51:48 UTC+2, Markus Fischbacher wrote: > > I don't see a way to extract syslog levels - they doesn't come in the > message(-string) itself. Level and facility seems to come in additional udp > sections/frames. >
If you're using a Raw/Plaintext input, the syslog priority (a number encoding facility and level) will be at the very beginning of each message, see https://tools.ietf.org/html/rfc5424#section-6.2.1 and https://tools.ietf.org/html/rfc5424#section-6.5. You can extract this using a regex extractor and use the Syslog converters on it. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/ac2efd48-8541-4dd6-8034-be1142da86b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
