Connecting an extractor to a input

Hi.

I am using graylog 2.4.1 and i sucesfully deployed collectors, streams and inputs.
But i am not being able to connect an extractor to a input/stream.

Under the syslog UDP input i added an extractor that speficifc tries to matches all messages, it loads a example message and it got extracted (it shows up the field that are being extracted) but no message is extracted.

All the messages formed in the same way in the same input, doesnt get extracted.
And sorry, in the documentation it says how to create an extractor, but not what to do next:

• Add to a pipeline?
• Add to a rule?
• Dance around it in circles

the extractor is always bound to the input - period.

It does not need any further actions after you created and saved the extractor. If this does not work, the extractor is not working.

Hi Jan.
Thanks for the reply.

I will try to upload an image of the extractor’s panel, it seems it is in fact processing messages but not piping them out.

2018-08-29 09_38_38-Graylog - Extractors of Syslog UDP.png2504×1183 161 KB

And the grok is applied to the stream which is being piped from the input

2018-08-29 10_14_17-Graylog - Stream Hadoop messages - Search.png1888×436 36.6 KB

Your full_message does not match the Grok pattern you try to use.

another screenshot, it returns me the info as i requested

2018-08-29 13_53_00-Graylog Web Interface - New extractor for input Syslog UDP.png2525×1159 98.8 KB

You discovered that the system is not consistent.

The GROK Pattern need to match the complete field - in the processing. But the try does also match partly.
Please open an issue for that: https://github.com/Graylog2/graylog2-server/issues

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.