Graylog Extractor by Regular Expression

How do I extract the json data {…} and eliminate the “created live/iot” by Graylog regular expression? Thanks.

created live/iot {"consumerGroup":"iot-gtwinsg","eventBody":{"iotData":[{"id":{"reading":"2937905364672184327"},"milestones":[{"reachedAt":1689072389000,"value":40}],"name":{"reading":"Sensor-4"},"pourStatus":{"reading":"NOT_STARTED"},"siteID":{"reading":382},"sparefield1":{"name":"n/a","reading":0,"unit":"n/a"},"sparefield2":{"name":"n/a","reading":0,"unit":"n/a"},"startAt":{"reading":1689013941000},"strength":{"reading":34.0870350497826,"unit":"MPa"},"temperature":{"reading":25.6608451099238,"unit":"C"},"updateTime":1693401730122,"url":{"reading":"https://app.converge.io#/view/2937905364672184327"}}],"iotHeader":{"deviceInfo":{"category":"Concrete","deviceId":"24f1fd58-752b-477c-a50e-4b606790ae48","installedDate":"2023-07-13","manufacture":"Converge","modelId":"1","modelType":"n/a","subCategory":"ConcreteStrength"},"groupId":"grouptest","location":{"altitude":3,"building":"n/a","latitude":22.26015,"level":"n/a","longitude":114.12912,"room":"n/a","zone":"n/a"},"phase":"Phase 1","projectId":"10000","projectName":"Internal Testing Project","target":"GTWINDEV","version":0.1}},"id":"24f1fd58-752b-477c-a50e-4b606790ae48","partition":"0","ts":1693401731992}

I recommend using pipelines. We’ve recently published a helpful blog covering this: Graylog Parsing Rules and AI Oh My! . Give that a go and let us know if you have any questions

Hi,

I would create a first extractor to eliminate unwanted parts to only keep the JSON with a simple regex such as:

({.*})

Then I would create a JSON extractor based on the field extracted by the first one.

Or if you prefer pipelines you can create a rule with exactly the same logic.