I am trying to use the API to create an extractor for a message input. I am using the “Try it out!” button on the api browser link. Here is the JSON I am trying to use.
{
“title”: “ASA TCP Connection Teardown”,
“cut_or_copy”: “copy”,
“source_field”: “message”,
“target_field”: “”,
“extractor_type”: “grok”,
“extractor_config”: {
“grok_pattern”: “ASA-\d-%{WORD:asa_messageid:int}: %{WORD:asa_action} %{WORD:asa_proto} connection %{BASE10NUM:asa_conn_id} for %{NOTSPACE:asa_interface_in}:%{IPV4:asa_src_ip}/%{BASE10NUM:asa_src_port}to %{NOTSPACE:asa_interface_out}:%{IPV4:asa_dst_ip}/%{BASE10NUM:asa_dst_port} duration %{TIME:asa_conn_durration} bytes %{BASE10NUM:asa_conn_bytes;long}”
},
“converters”: “”,
“condition_type”: “regex”,
“condition_value”: “ASA-\d-302014: Teardown TCP”,
“order”: 0
}
It seems like its having an issue with the converters section. When I input it I get:
{
“type”: “ApiError”,
“message”: “Can not construct instance of java.util.LinkedHashMap: no String-argument constructor/factory method to deserialize from String value (’’)\n at [Source: org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream@4ce8f6f1; line: 10, column: 19] (through reference chain: org.graylog2.rest.models.system.inputs.extractors.requests.CreateExtractorRequest[“converters”])”
}
If I remove it says that it has a problem with a null convertor:
{
“type”: “ApiError”,
“message”: “Can not construct instance of org.graylog2.rest.models.system.inputs.extractors.requests.CreateExtractorRequest, problem: Null converters\n at [Source: org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream@20c394d8; line: 13, column: 1]”
}
Any help would be greatly appreciated!