Does anyone have any suggestions here? Am I the only one using this extractor from the Marketplace who is having this issue?
On Friday, 2 September 2016 11:11:09 UTC+8, Thomas wrote:
>
> Community
>
> I have created a new extractor using the following
> https://marketplace.graylog.org/addons/90396261-812c-4fa8-ad8f-a17771c9f8e0
>
> I am receiving syslog messages from my Cisco equipment, however the
> "source" field in Graylog contains more than just the name of the source
> field.
> It includes date information as well.
>
> I'll give you an example.
>
> Syslog message from my Cisco 4507 switch:
>
> 9/1/2016 3:07 AM : C4K_REDUNDANCY-5-CONFIGSYNC 215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been successfully synchronized to the standby supervisor
>
> The source field in Graylog is as follows:
>
> 215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST:
>
> Messages from my Cisco ASA5500 have the following source field:
>
> Sep 01 2016 22:58:05 5500-FW1 :
>
> The regex for the source field is as follows, which is unchanged from the
> extractor:
>
> "regex_value": ">(.+?)%"
>
> Any suggestions as to how this can be resolved such that only the host name is
> included in the source field?
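
Added example, not part of the original thread or of the Marketplace extractor: it reproduces the two `source` values quoted above and shows one tighter pattern that captures only the hostname. It assumes the raw message starts with a `<PRI>` header (inferred from the `>` in the regex); the PRI values, the ASA message body and the names `HOST_ONLY` and `extract` are constructed for illustration, and the pattern uses only syntax shared by Python and the Java regex engine Graylog uses.

```python
import re

# Constructed raw syslog lines: the text after <PRI> follows the two examples
# in the post; the PRI values and the ASA message body are made up.
IOS = ("<189>215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST: "
       "%C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been "
       "successfully synchronized to the standby supervisor")
ASA = "<166>Sep 01 2016 22:58:05 5500-FW1 : %ASA-6-000000: constructed message text"

# Pattern shipped with the extractor, as quoted in the post. It captures
# everything between the end of <PRI> and the first "%", so sequence numbers
# and timestamps end up in the source field.
ORIGINAL = re.compile(r">(.+?)%")

# Hypothetical replacement (an assumption, not the extractor's own pattern):
# skip the known prefix of each format, then capture the token before ":".
HOST_ONLY = re.compile(
    r"^<\d+>"
    r"(?:\d+: "                      # IOS sequence number, e.g. "215: "
    r"|\w{3} +\d+ \d{4} [\d:]+ )"    # ASA timestamp, e.g. "Sep 01 2016 22:58:05 "
    r"([^\s:]+) ?:"                  # hostname, followed by ":" or " :"
)


def extract(pattern, raw):
    """Return capture group 1, as a Graylog regex extractor would, or None."""
    match = pattern.search(raw)
    return match.group(1) if match else None


if __name__ == "__main__":
    for raw in (IOS, ASA):
        print(repr(extract(ORIGINAL, raw)), "->", repr(extract(HOST_ONLY, raw)))
```

A message matching neither prefix yields no capture, so the extractor leaves `source` unchanged instead of filling it with unrelated text.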
