This won't work in v2.1.2 without some modification since it was created using a newer version of Graylog. You must be running *Graylog v2.2.0 or later* because of using the split function in the pipeline rules and some other new features related to streams.

https://github.com/Graylog2/graylog2-server/issues/3250
A workaround is to remove the line matching "default_stream": false from the content_pack.json file located in the streams section and either build your own regex/grok patterns or send in the bro logs using the json output plugin and figure out how to get your fields extracted the way you want.

Regards,

On Thursday, January 5, 2017 at 5:54:41 AM UTC-6, SawWinn Naung wrote:
> Can't import in Graylog v2.1.2
>
> On Sunday, December 18, 2016 at 10:34:33 PM UTC+6:30, BKeep wrote:
>> For anyone interested, I added a new content pack:
>> BRO IDS content pack contains pipeline rules, a stream, a dashboard
>> displaying interesting activity, and a syslog tcp input to capture and
>> index BRO logs coming from a Security Onion sensor.
>>
>> https://marketplace.graylog.org/addons/5e6cf3c6-7bdc-4a2c-bdca-441407e4a016
>>
>> Regards,
>> Brandon
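The workaround from the reply above, as an added example that is not part of the original thread or of the content pack: it drops `"default_stream": false` from entries in the streams section only and leaves everything else in the file untouched. The function name, the sample pack, and the assumption that `streams` is a top-level array of objects with a `title` key are illustrative.

```python
import json
import sys

# Constructed sample standing in for content_pack.json; not the real pack.
SAMPLE_PACK = """{
  "name": "example pack (constructed)",
  "inputs": [],
  "streams": [
    {"id": "s1", "title": "bro (constructed)", "default_stream": false,
     "stream_rules": []},
    {"id": "s2", "title": "other (constructed)", "stream_rules": []}
  ],
  "dashboards": []
}"""


def strip_default_stream(pack_text):
    """Return (new_json_text, changed_titles).

    Removes "default_stream": false from each entry of the streams
    section. Assumes "streams" is a top-level list of objects.
    """
    pack = json.loads(pack_text)
    changed = []
    for stream in pack.get("streams", []):
        # Only the exact setting named in the thread is removed; a true
        # value is left alone so the pack's meaning is not silently changed.
        if stream.get("default_stream") is False:
            del stream["default_stream"]
            changed.append(stream.get("title", "<untitled>"))
    return json.dumps(pack, indent=2), changed


if __name__ == "__main__":
    # Usage: script.py content_pack.json patched_pack.json
    # With no arguments, runs on the constructed sample instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text, titles = strip_default_stream(fh.read())
        with open(sys.argv[2], "w", encoding="utf-8") as fh:
            fh.write(text)
    else:
        text, titles = strip_default_stream(SAMPLE_PACK)
    print("patched streams:", titles)
```

This only addresses the import error; the pipeline rules that rely on the split function still need Graylog v2.2.0 or later, as the reply says.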
