I hope you could help me with a problem i have.
In Graylog i like to create System Monitoring for some systems.
The Data which is send to graylog looks like that:
“07/04/2022 15:50:02.640”,“1.0137724778328194”,“880595”,“83.980323735209666”,“9.488246359277575”,“65535”,“59634”
Now i want to extract every single value in between of thsi sign: "
and add it to a own field.
But i dont know how to do that.
I cant exclude it with key_value_parses. This module want a message look similiar like that:
key1:value1,key2:value2,…
and so on.
So normally key value parser seperates a string in a map where the key(field_name) and the value is in the string.
In my case i want to sperates only values and add fields to them because i know the order of the values.
I moved your post to Graylog Central and kept your tags for pipeline. The other category is for displaying examples and templates for others to use.
Need to ask a couple questions…
What version of software are you using ( elasticsearch, graylog, operating System)?
Do you have a example of what’s been tried?
Best suggestion is to search the forum on what you want (i.e. here), try it out and post back here. Not only what was tried but what the output was. This would give a better idea to troubleshoot any issues.
Meant to add in there that there are web sites to practice/test regex and GROK… I am reasonably familiar with both but I still use those web sites to prove out what I am trying to do…
