Re: [graylog2] converters in grok pattern
четверг, 23 июня 2016 г., 12:43:21 UTC+3 пользователь Jan Doberstein
написал:
>
> Hej,
>
>
>
> On 23. Juni 2016 at 09:22:40, Андрей Грошев (gree...@gmail.com
> ) wrote:
>
> > And for example request http_code:<204 don't worked.
> > I found example define pattern as %{INT:http_code;int} (a semicolon, not
> a
> > colon as in elastic)
> > And it worked, index mapped in elastic as:
> >
> > "http_code": {
> > "type": "long"
> > }
>
>
> > where exists manual as right use grok patter in graylog with converters?
>
> i guess you are asking for this documentation link:
>
>
> http://docs.graylog.org/en/2.0/pages/extractors.html?highlight=grok#using-grok-patterns-to-extract-data
>
>
> Damn, I was never read this page until the end. :D Thank you!
> with kind regards
> Jan
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/fc6b19c3-de6c-4de1-9bcc-197fe0c14146%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] converters in grok pattern
Hej,
On 23. Juni 2016 at 09:22:40, Андрей Грошев (greenx...@gmail.com) wrote:
> And for example request http_code:<204 don't worked.
> I found example define pattern as %{INT:http_code;int} (a semicolon, not a
> colon as in elastic)
> And it worked, index mapped in elastic as:
>
> "http_code": {
> "type": "long"
> }
> where exists manual as right use grok patter in graylog with converters?
i guess you are asking for this documentation link:
http://docs.graylog.org/en/2.0/pages/extractors.html?highlight=grok#using-grok-patterns-to-extract-data
with kind regards
Jan
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAGm-bLaT%2B3LcQtRAPQtGfc3Q-5r38aCAZfq_crLj%2Bnsrpv0azg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] converters in grok pattern
Hello people! Again stupid question:)
I try processed syslog message through grok pattern.
I get all the required fields.
But all them have string type.
And for example request http_code:<204 don't worked.
I found example define pattern as %{INT:http_code;int} (a semicolon, not a
colon as in elastic)
And it worked, index mapped in elastic as:
"http_code": {
"type": "long"
}
where exists manual as right use grok patter in graylog with converters?
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/e8629948-9a5c-4f9e-bdc1-88761e45a70a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
