Hi Yves, I'd recommend using a suitable Grok pattern for this use case.
Cheers, Jochen On Thursday, 8 September 2016 15:14:28 UTC+2, [email protected] wrote: > > Hi everyone, > > I'm using graylog 2.0.3 and graylog 2.1.0, and I have a small problem with > the extractor key=value. > > My iptables logs looks like that "IN=eth0 OUT= MAC=xx:xx:xx" or "IN= > OUT=eth0 MAC=xx:xx:xx". > With the key=value extractor, I have the key "OUT" with the value > "MAC=xx:xx:x" (without space before MAC) > > Is there a way to have a blank value to the key OUT and extract the key > MAC with the value ? > Or should I use logstash/graylog with full grok pattern ? > > Best Regards > > Yves Louis ROFORT > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/362ab424-aa8e-4230-9cde-2824439a7b65%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
