Hi Guys
Maybe someone can point out where I'm going wrong with my Grok pattern here?
(?:%{SYSLOGTIMESTAMP:timestamp}|%TIMESTAMP_ISO8601:timestamp8601})(?:%{SYSLOGHOST:logsource})
(?:%{YEAR}): (?:%{MONTHNUM}):(?:%{MONTHDAY})-
(?:%{HOUR}):(?:%{MINUTE}):(?:%{SECOND})
Thanks, now it’s working.
Cheers,
Zsolt
From: graylog2@googlegroups.com [mailto:graylog2@googlegroups.com] On Behalf Of
Jochen Schalanda
Sent: Wednesday, October 21, 2015 3:49 PM
To: Graylog Users <graylog2@googlegroups.com>
Subject: Re: [graylog2] grok pattern not working
Hi Zsolt,
That's not a valid grok pattern in your screenshot.
You can for example import the standard grok patterns from Logstash (
https://raw.githubusercontent.com/logstash-plugins/logstash-patterns-core/master/patterns/grok-patterns)
into Graylog.
Cheers,
Jochen
On Wednesday, 21 October 2015
te:
>
> Yes.
> Like this:
>
>
>
> Cheers,
> Zsolt
>
> From: graylog2@googlegroups.com [mailto:graylog2@googlegroups.com] On Behalf
> Of Jochen Schalanda
> Sent: Tuesday, October 20, 2015 4:03 PM
> To: Graylog Users <graylog2@googlegroups.com>
> Subject: Re: [graylog2] grok pattern not working
Hi Zsolt,
That is only one part of it; you first need to create Grok patterns in System
-> Grok patterns. You can create them by hand or import a file including the
most common ones.
Regards,
Edmundo
> On 21 Oct 2015, at 12:57, Osztr
Hello Guys!
I'd like to set up an extractor with a Grok pattern.
This is my sample message and pattern:
10.10.1.1 - - [13/Oct/2015:17:19:54 +0200] "GET //ed98/561/this.m3u8
HTTP/1.1" 200 388 "http://10.1.1.1/hls.php?o==2kV=BASE64;
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11)
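
The point made in the replies (an extractor can only reference Grok patterns that are already defined under System -> Grok patterns), shown as an added example that is not part of the original thread and not Graylog's own code: a small Python resolver for %{NAME:field} references that rejects an undefined name. The pattern definitions are simplified stand-ins for the Logstash ones, the extractor pattern is hypothetical, and the request path in the sample line is constructed.

```python
import re

# Simplified stand-ins (assumption), written in the "NAME regex" layout
# of the Logstash grok-patterns file; not the real definitions.
PATTERN_FILE = r"""
INT [+-]?\d+
IPV4 (?:\d{1,3}\.){3}\d{1,3}
WORD \w+
NOTSPACE \S+
NUMBER \d+(?:\.\d+)?
HTTPDATE \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} %{INT}
"""
# Hypothetical extractor pattern for an access-log line.
EXPR = (r'%{IPV4:clientip} \S+ \S+ \[%{HTTPDATE:timestamp}\] '
        r'"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}" '
        r'%{INT:response} %{INT:bytes}')
# Constructed sample: address and time from the thread, path made up.
SAMPLE = ('10.10.1.1 - - [13/Oct/2015:17:19:54 +0200] '
          '"GET /index.html HTTP/1.1" 200 388')
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def load_patterns(text):
    """Parse 'NAME regex' lines into a dict, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split(None, 1) for l in lines if l and not l.startswith("#"))

def compile_grok(expr, patterns, depth=0):
    """Expand %{NAME} and %{NAME:field} references into a plain regex."""
    if depth > 20:
        raise ValueError("references nest too deeply (cycle?)")
    def expand(m):
        name, field = m.groups()
        if name not in patterns:  # the failure discussed in the thread
            raise KeyError(f"grok pattern {name} is not defined")
        inner = compile_grok(patterns[name], patterns, depth + 1)
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(expand, expr)

def extract(expr, patterns, message):
    """Return the named fields, or None when the message does not match."""
    m = re.search(compile_grok(expr, patterns), message)
    return m.groupdict() if m else None

if __name__ == "__main__":
    print(extract(EXPR, load_patterns(PATTERN_FILE), SAMPLE))
    try:
        extract(EXPR, {}, SAMPLE)  # nothing imported yet
    except KeyError as err:
        print("rejected:", err)
```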