tmacgbay
February 1, 2022, 9:02pm
2
You could use GROK or regex to pull that out.
It is hard to offer help without knowing much about your environment… I don’ t know if you are using extractors or functions in the pipeline… Here are some links to read about how to ask questions and explain your environment - maybe reading through those you can explain a little better about your environment and what you have tried?
This platform is made with love for community discussions on the open source tool Graylog, it components and usage.
Here’s a Graylog support-inspired template (thank you, @aaronsachs ) that’ll get responses:
TIPS for Posting Questions that Get Answers:
*The following is a compendium of tips to help you organize your question and have better success for getting a solution to the incident you are having. First, a short list, then some detail on how to pull and post information from your systems.
When you create a new Topic for the community to review with you:
Search Graylog Documentation, the Graylog community forum, Google … the answer may be out there!
Have a short informative subject such as:…
