Hi folks,
I am new to Graylog and am trying to get a grasp on the whole extractor situation. I did manage to sort a few messages using either GROK patterns or regex for a few message types, but I am by no means an expert in regex and can’t get my head around how to extract the individual fields from the following message from UniFi:
`<14>Feb 27 11:35:01 U7LR,18e829a3542b,v4.3.28.11361: : stahtd[30670]: [STA-TRACKER].stahtd_dump_event(): {"mac":"84:0d:8e:85:f0:49","message_type":"STA_ASSOC_TRACKER","vap":"ath3","event_type":"fixup","assoc_status":"0","event_id":"3","dns_resp_seen":"yes","arp_reply_gw_seen":"yes","auth_ts":"0.0"}`
It would be very helpful if someone could point me in the right direction.
My attempt so far was to use a regex extractor to store the stahtd_dump_event and then sort the rest out with a converter, but no matter whether I use "CSV to fields" or "key_value=pair", I don’t get the desired output. I believe that the message is a mix of CSV and key=value pairs.
Am I even on the right track using the converter or would you suggest looking into a different way of approaching the issue?
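The part after `stahtd_dump_event():` is a JSON object, not CSV or key=value text, so a two-stage approach fits: a regex that captures the syslog envelope and the JSON payload as a single field, then a JSON parse of that field (the same split of work as a Graylog regular-expression extractor followed by a JSON extractor). The Python below is added here as an illustration and is not part of the original post; the field names are my own choice, and the sample line is the message quoted above.

```python
import json
import re

# Constructed sample: the UniFi syslog line quoted in the post above.
SAMPLE = (
    '<14>Feb 27 11:35:01 U7LR,18e829a3542b,v4.3.28.11361: : stahtd[30670]: '
    '[STA-TRACKER].stahtd_dump_event(): {"mac":"84:0d:8e:85:f0:49",'
    '"message_type":"STA_ASSOC_TRACKER","vap":"ath3","event_type":"fixup",'
    '"assoc_status":"0","event_id":"3","dns_resp_seen":"yes",'
    '"arp_reply_gw_seen":"yes","auth_ts":"0.0"}'
)

# Stage 1: split the syslog envelope from the JSON payload.
# Named groups become field names; 'payload' is the part that a JSON
# parser (not a CSV or key=value converter) should unpack next.
UNIFI_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<model>[^,]+),(?P<ap_mac>[0-9a-fA-F]{12}),v(?P<firmware>[^:]+): : "
    r"(?P<process>\w+)\[(?P<pid>\d+)\]: "
    r"\[(?P<component>[^\]]+)\]\.(?P<function>\w+)\(\): "
    r"(?P<payload>\{.*\})\s*$"
)


def parse_unifi_event(line: str) -> dict:
    """Return a flat dict of fields, or an empty dict if the line does not match."""
    m = UNIFI_RE.match(line)
    if not m:
        return {}
    fields = m.groupdict()
    # Syslog PRI = facility * 8 + severity (RFC 5424); <14> is user.info.
    pri = int(fields.pop("pri"))
    fields["facility"] = pri // 8
    fields["severity"] = pri % 8
    fields["pid"] = int(fields["pid"])
    # Stage 2: the payload is JSON, so parse it instead of splitting on commas.
    try:
        payload = json.loads(fields.pop("payload"))
    except json.JSONDecodeError:
        # Keep the raw text so a malformed event is still searchable.
        fields["payload_raw"] = m.group("payload")
        return fields
    # Prefix the nested keys so they cannot collide with envelope fields.
    fields.update({f"sta_{k}": v for k, v in payload.items()})
    return fields
```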