I have this log:
server23 service_server23_updater 2019-06-12 10:26:32.829 INFO 12786 --- [mer[send_notify]] notify_kafka_reader : REMOVE_PAIR received by id: '213bc8d9-b541-4d7b-a5b1-d53b8e6d81ea' number1: '35463810307477' number2: '432113968307140'
I want to extract service_server23_updater, 2019-06-12, 10:26:32.829, REMOVE_PAIR, id, number1 and number2.
My extractor is:
%{WORD:server-name} %{WORD:service-name} %{TIMESTAMP_ISO8601:date} %{LOGLEVEl:log-level} %{WORD:action} %{QS:ID} %{QS:number1} %{QS:number2}
But I get:
Attention
We were not able to run the grok extraction. Please check your parameters.
As far as I know, the grok patterns have to match the whole part, so you also have to put something in for the unneeded fields.
It’s just a shorter regexp.
eg.
original:
number1: '35463810307477' number2: '432113968307140'
Try:
number1: '%{QS:number1}' number2: '%{QS:number2}'
What Graylog version did you use?
2.5.1
Did you use the try button?
Of course, yes.
Did you check the server.log?
No.
Thanks. Yes, you are right. With this regexp I get number1 and number2, but for the other fields … ?
I showed the way.
It’s your turn.
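An added example, not part of the thread and not Graylog's own code: a small Python stand-in for grok expansion, run against the log line from the question, showing the short pattern failing and a pattern that spells out every part of the line succeeding. The pattern definitions are simplified assumptions, and `FULL` with its field names is one hypothetical pattern, not one a poster gave.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: the real
# library patterns are broader; these only need to cover the sample line).
PATTERNS = {
    "WORD": r"\w+",
    "INT": r"[+-]?\d+",
    "LOGLEVEL": r"(?:TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL)",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?",
    "QS": r"\"[^\"]*\"|'[^']*'",   # quoted string; the quotes are part of the capture
    "DATA": r".*?",
}

def grok_to_regex(grok):
    """Expand %{NAME:field} tokens into named groups; an unknown NAME raises KeyError."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = PATTERNS[name]          # lookup is case sensitive
        if field is None:
            return f"(?:{body})"
        return f"(?P<{field.replace('-', '_')}>{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::([\w-]+))?\}", expand, grok))

def extract(grok, line):
    """Return the captured fields, or None when the pattern does not match."""
    m = grok_to_regex(grok).search(line)
    return m.groupdict() if m else None

# The log line from the question.
LINE = ("server23 service_server23_updater 2019-06-12 10:26:32.829 INFO 12786 --- "
        "[mer[send_notify]] notify_kafka_reader : REMOVE_PAIR received by id: "
        "'213bc8d9-b541-4d7b-a5b1-d53b8e6d81ea' number1: '35463810307477' "
        "number2: '432113968307140'")

# The question's pattern with the LOGLEVEl typo corrected: still no match, because
# nothing accounts for "12786 --- [...] notify_kafka_reader :" or "received by id:".
SHORT = ("%{WORD:server-name} %{WORD:service-name} %{TIMESTAMP_ISO8601:date} "
         "%{LOGLEVEL:log-level} %{WORD:action} %{QS:ID} %{QS:number1} %{QS:number2}")

# Every part of the line is spelled out, wanted or not (hypothetical field names).
FULL = (r"%{WORD:server_name} %{WORD:service_name} %{TIMESTAMP_ISO8601:timestamp} "
        r"%{LOGLEVEL:log_level} %{INT:pid} --- \[%{DATA:thread}\] %{WORD:logger} : "
        r"%{WORD:action} received by id: %{QS:id} number1: %{QS:number1} "
        r"number2: %{QS:number2}")

if __name__ == "__main__":
    print(extract(SHORT, LINE))
    print(extract(FULL, LINE))
```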