Hi Marvin,

there has to be a dedicated message field containing exclusively the IP address. It looks like in your case, the "ipAddress" is part of the message field.

If that's the case, you first need to extract it from the message field, e.g. by using a Grok extractor.

Cheers,
Jochen

On Thursday, 8 December 2016 17:29:09 UTC+1, Marvin Popyk wrote:
>
> Hey Jochen,
>
> Thanks for the reply. The exact content is just the external IP address of the device, so it would look like ipAddress=x.x.x.x
>
> Here is the message 2016-12-08 09:26:47,370: username=user.name, status=Successful Login, ipAddress=x.x.x.x
>
> I would like to pull the IP address and plot it on a map so we know where the IP is coming from.
>
> On Thursday, December 8, 2016 at 11:06:52 AM UTC-5, Jochen Schalanda wrote:
>>
>> Hi Marvin,
>>
>> On Thursday, 8 December 2016 16:31:08 UTC+1, Marvin Popyk wrote:
>>>
>>> I've even run the test and it works just fine, but it's not pulling any of the external IPs that are in the messages. The IPs have the field "ipAddress =" so I figured it would pull that and plot it on a map.
>>>
>>
>> What's the exact content of the ipAddress field in your messages?
>>
>> Cheers,
>> Jochen
>>
>
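The extraction step suggested above, shown as an added Python example (not part of the thread and not Graylog code): it pulls the value after `ipAddress=` out of the message text into a dedicated field and keeps it only if it parses as an IP address. The function name `extract_ip_field`, the `geo_candidate` flag and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the format quoted in the thread.
SAMPLE_LINES = [
    "2016-12-08 09:26:47,370: username=user.name, status=Successful Login, ipAddress=8.8.8.8",
    "2016-12-08 09:27:02,114: username=user.name, status=Successful Login, ipAddress=10.0.0.5",
    "2016-12-08 09:27:40,902: username=user.name, status=Failed Login, ipAddress=999.1.1.1",
    "2016-12-08 09:28:11,031: username=user.name, status=Successful Login",
]

# Capture everything after "ipAddress=" up to the next comma or whitespace.
IP_FIELD = re.compile(r"\bipAddress=([^,\s]+)")


def extract_ip_field(message):
    """Return the fields to add to the message, or {} if there is no valid IP."""
    match = IP_FIELD.search(message)
    if match is None:
        return {}  # key absent: nothing to extract
    try:
        addr = ipaddress.ip_address(match.group(1))
    except ValueError:
        return {}  # value is not an IP address: do not create the field
    return {
        # Dedicated field holding exclusively the IP address.
        "ipAddress": str(addr),
        # Private and reserved ranges have no location to plot on a map.
        "geo_candidate": addr.is_global,
    }


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(extract_ip_field(line) or "no ipAddress field", "<-", line)
```
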
