Extract string from field

malmsteen81 · March 1, 2018, 9:41am

hi, i use graylog to check http traffic from exchange. On exchange http log i have this field called UserAgent that contain value like this:

Microsoft Office/16.0 (Windows NT 6.1; Microsoft Outlook 16.0.4549; Pro)

How i can create a rule to spilt this message into two field like OS and program? And i can create a lookup table for Operating system like Windows NT 6.1 -> Windows 7?

thank you

Andrea

jan · March 1, 2018, 9:56am

you could use a REGEX for that or use a GROK pattern as extractor or processing pipeline for that.

sure you can create a lookup table - that would be a csv list

system · March 15, 2018, 9:57am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extractor help needed Graylog Central (peer support)	2	805	March 15, 2021
Graylog Exchange Message Tracking Log Extractor Graylog Central (peer support) sidecar , nxlog , nodatanx , send-csv-logsnx	11	10184	June 13, 2017
Multiple Fields extractor regex Graylog Central (peer support)	2	2592	January 19, 2018
Sshd field username Graylog Central (peer support)	3	2257	June 26, 2017
Best practice - unwanted field extraction Graylog Central (peer support)	7	1531	January 19, 2022

Extract string from field

Related Topics