Create custom filter from Graylog message

Hello All,
Graylog is working as expected and now my requirement is to create another custom filter from graylog stream message. For example, I get below message in “message” filter

message : 10.0.2.2 - - [15/Feb/2019:11:20:41 +0000] “GET /asda HTTP/1.1” 404 555 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36” “-”

now my requirement is to show 555 in a separate filter which is the time in millisec to serve this request. Is this possible at all?

Thanks for reading and helping me out.

Don’t exactly know what you mean by that sentence… But basically you can use a pipeline to extract information into separate, custom fields.

that looks very similar to a HTTP Log - that can be extraced with the GROK Pattern for HTTPLOG CHeck the docs how to use them.

Thanks Jan for your reply, yes, I want to extract 555 from the message into separate custom field. Could you please give me a documentation link to use GROK pattern for HTTPLOG? I would be grateful.

please lean back, close your eyes, breath for a minute.

After opening your eyes again, look again at this webpage and search the word “Documentation” if you found that - try to click with your cursor on that word and maybe it will redirect you to the documentation of Graylog - where you are able to search and type in the work GROK.

Hey Jan, cool, I did exactly what you told and I made it. Thanks very much and have a nice weekend.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.