No, it couldn't help. It extracts all the key-value pairs and it's not configurable.
четверг, 1 сентября 2016 г., 12:12:20 UTC+3 пользователь Jochen Schalanda написал: > > Hi, > > the converter is called "Key = Value Pairs to Fields" in the drop down. > > Cheers, > Jochen > > On Thursday, 1 September 2016 10:56:28 UTC+2, AForton wrote: >> >> I currently don't have that converter in converters drop-down-list. Where >> to find it? I use >> *graylog v2.1.0-beta.2-ffa3355* >> четверг, 1 сентября 2016 г., 10:44:39 UTC+3 пользователь Jochen Schalanda >> написал: >>> >>> Hi, >>> >>> I think that's not possible with Grok, but you could try to use the >>> Tokenizer converter (create a Copy Input extractor, then select the >>> Tokenizer converter) for this. >>> >>> Cheers, >>> Jochen >>> >>> On Wednesday, 31 August 2016 14:19:39 UTC+2, AForton wrote: >>>> >>>> Is it possible to extract dynamic field name with grok? For instance, I >>>> have the following message: >>>> >>>> Test message key=value key_1=value_1 key_2=value_2 ... etc >>>> >>>> The number n in key_n=value_n is not specified and may vary from >>>> message to message. I need to extract all fields but with key1 and key3: >>>> >>>> key=value >>>> key_2=value_2 >>>> key_4=value_4 >>>> key_5=value_5 >>>> key_6=value_6 >>>> //etc... >>>> >>>> How can I do this? Is it possible to do with GROK? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6028951f-bc6e-4ae2-ae7a-6302ae962d35%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
