Community

I have created a new extractor using the following
https://marketplace.graylog.org/addons/90396261-812c-4fa8-ad8f-a17771c9f8e0

I am receiving syslog messages from my Cisco equipment, however the 
"source" field in GrayLog contains more than just the name of the source 
field.
It includes date information as well.


I'll give you an example

Syslog message from my Cisco 4507 switch

9/1/2016 3:07 AM : C4K_REDUNDANCY-5-CONFIGSYNC  215: 4507-HOSTNAME: .Sep  1 
03:07:14 EST-DST: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been 
successfully synchronized to the standby supervisor

The source field in GrayLog is as follows

215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST:

Messages from my Cisco ASA5500 have the following source field
Sep 01 2016 22:58:05 5500-FW1 :


RegEx for the source field is as follows, which is unchanged from the 
extractor


"regex_value": ">(.+?)%"

Any suggestions on how this can be resolved such that only the host name is 
included in the source field?
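
The behaviour described above, as an added example that is not part of the original post or of the marketplace extractor: it runs the quoted pattern against two raw messages and then applies two tighter, format-specific patterns. The PRI values, the ASA message body, the `IOS`/`ASA` patterns and the function names are assumptions inferred from the two source values shown in the post.

```python
import re

# Extractor pattern quoted in the post: lazily captures everything between
# the ">" that closes the syslog PRI and the first "%".
ORIGINAL = re.compile(r">(.+?)%")

# Hostname token: letters, digits, dot, underscore, hyphen.
HOST = r"(?P<host>[A-Za-z0-9][A-Za-z0-9._-]*)"

# Assumed layouts, inferred from the two source values shown in the post.
# Switch: <PRI>[seq: ]HOST: [.|*]Mon D hh:mm:ss ...
# (IOS prefixes the timestamp with "." or "*" when the clock is not in sync.)
IOS = re.compile(r"^<\d+>(?:\d+: )?" + HOST + r": [.*]?[A-Z][a-z]{2} +\d")
# ASA: <PRI>Mon DD [YYYY ]hh:mm:ss HOST : %...
ASA = re.compile(r"^<\d+>[A-Z][a-z]{2} +\d{1,2} (?:\d{4} )?\d{2}:\d{2}:\d{2} "
                 + HOST + r" ?: ?%")


def original_source(raw):
    """What the quoted pattern puts into the source field."""
    m = ORIGINAL.search(raw)
    return m.group(1) if m else None


def hostname(raw):
    """Hostname only, or None when the message matches neither layout."""
    for pattern in (IOS, ASA):
        m = pattern.match(raw)
        if m:
            return m.group("host")
    return None


# Constructed samples: the PRI values and the ASA message text are invented;
# the header layout follows the source values quoted in the post.
SWITCH = ("<189>215: 4507-HOSTNAME: .Sep  1 03:07:14 EST-DST: "
          "%C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been "
          "successfully synchronized to the standby supervisor")
FIREWALL = "<166>Sep 01 2016 22:58:05 5500-FW1 : %ASA-6-000000: constructed text"

if __name__ == "__main__":
    for raw in (SWITCH, FIREWALL):
        print(repr(original_source(raw)), "->", hostname(raw))
```

Returning `None` for an unrecognised layout lets the caller leave the source field untouched instead of filling it with a timestamp fragment.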
