Extractor dont'works

MDJ · May 6, 2020, 12:38pm

Hi

Mrs,Mr

I need help with the extractor.
I had this message (see below)

pri=4 c=458963 m=48 msg="Connection Opened" app=325678 appName="General UDP" n=690471732 proto=udp/85697 sent=42 rule="874

I try to extract “appname=” everytime this software see this word
So I try with a regular expression but the exctrator don’t work and the new field don’t create him in the messages ID

Someone can help me ?
Thanks
This is my configuration of my extractor

PS: I am French I hope which you understand my message and I am sorry in order to my fault spelling.

shoothub · May 7, 2020, 4:08pm

I think your regex in not OK. Try to always check ouput by clicking on button Try. Try this regex instead of yours:

appName=“(.*)”

You can also use some online regex testers e.g.:

MDJ · May 11, 2020, 3:38pm

Thanks Shoothub.

I have a other question.
I would have just the field “appName” and not the rest of my messages . You think it’s possible with a Regex because when I do a grok parttern it’s work but it’s very hard to cut the message with a field and like my message isnot a same when I use Split & Index isnot working too.

shoothub · May 13, 2020, 10:24am

Try to use this:

appName=“([^”]+)"

system · May 27, 2020, 10:24am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extractor works in test but not on message Graylog Central (peer support)	6	929	March 3, 2019
Difficulties to apply extractors using regex Graylog Central (peer support) key_value	47	2525	April 22, 2022
Regex extractor bug? Graylog Central (peer support)	2	710	November 14, 2019
Unable to get some REGEX extractors working Graylog Central (peer support)	3	825	November 19, 2019
Problems with regular expression extractor for json (prior to json extractor) Graylog Central (peer support)	2	907	December 5, 2022

Extractor dont'works

Related topics