I’ve reviewed a few different posts on here to try and figure out how to create a regex extractor to pull an IP address from a message that is being forwarded from a client ubuntu machine into Graylog but am falling short of getting anything to successfully pass the test. Any help is greatly appreciated.
Message I am pulling from “Accepted password for admin from 192.168.1.5 port 61473 ssh2”
I have tried the following regex from another post and it does not pass the example test
If there is a better way of doing this such as a grok lookup let me know.