Graylog extractor


(Blason) #1

Hi Team,

Let's suppose I am ingesting logs through standard syslog which does not conform with the standard syslog RFC; would it be possible to parse the logs in Graylog once they hit Graylog? Or do I need to put Logstash in between and then work on Grok patterns?

Can someone please advise?

And is changing logos and the NASA image the same procedure with 2.4 as well?

Thanks and Regards,
Blason R


(Blason) #2

especially the message that appears after login

Welcome to graylog…


(Megan) #3

Yes Blason. If it’s non-standard RFC, it will not parse automatically, but you can create Grok patterns from Graylog to apply to the messages as they are coming in. You can either apply the extractor to the input or use the grok function in a pipeline.

I’d recommend using Grok debug (https://grokdebug.herokuapp.com) to write a pattern that will work on the logs and then read up on extractor or the grok function in the pipeline to apply the pattern.
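An added example, not part of the original posts: a small offline checker that expands Grok-style `%{NAME:field}` references into a named-group regex, so a pattern can be tried against sample lines before it goes into an extractor or pipeline rule. The pattern bodies are simplified stand-ins rather than the definitions shipped with Graylog, and the log format, field names and sample lines are constructed.

```python
import re

# Simplified stand-ins for a few common Grok patterns (assumption: these are
# not the exact definitions shipped with Graylog or Logstash).
GROK_PATTERNS = {
    "HOSTNAME": r"[A-Za-z0-9][A-Za-z0-9.-]*",
    "WORD": r"\w+",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "INT": r"[+-]?\d+",
    "GREEDYDATA": r".*",
}

_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern):
    """Expand %{NAME:field} references into an anchored regex with named groups."""
    def expand(match):
        name, field = match.group(1), match.group(2)
        if name not in GROK_PATTERNS:
            raise KeyError(f"unknown Grok pattern: {name}")
        body = GROK_PATTERNS[name]
        # Named references become fields; unnamed ones only have to match.
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile("^" + _REF.sub(expand, pattern) + "$")


def parse(line, compiled):
    """Return extracted fields, or flag the line so parse failures stay visible."""
    match = compiled.match(line)
    if match is None:
        return {"message": line, "parse_failed": True}
    return dict(match.groupdict(), message=line)


# Constructed pipe-delimited device log: no PRI, no timestamp, not RFC syslog.
PATTERN = (r"%{HOSTNAME:device}\|%{WORD:action}\|src=%{IP:src_ip}"
           r"\|dst=%{IP:dst_ip}\|dport=%{INT:dst_port}")
COMPILED = grok_to_regex(PATTERN)
SAMPLE_LINES = [
    "fw01|DENY|src=10.0.0.5|dst=192.0.2.10|dport=443",
    "fw01 rebooted",  # does not fit the pattern and must be flagged
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse(sample, COMPILED))
```

Lines that do not match are returned with `parse_failed` set instead of being dropped, which makes gaps in pattern coverage easy to spot in the sample set.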


(Blason) #4

Excellent, so resource-wise which one to opt for? Logstash or Extractors? If I have around 1-1.5 EPS


(Jan Doberstein) #5

For non-RFC messages I would recommend using the RAW Input and then parse the messages like @megan201296 suggested.

Changing Logos, Images and Colors in Graylog is only possible when you download the source, change the parts you want to change and then compile your personal Graylog.


(Blason) #6

Awesome…and much appreciated the quick response.

For customization, is there an online document available, or could you point me to any such article which can help me in compiling it?


(Jan Doberstein) #7

For customization, is there an online document available, or could you point me to any such article which can help me in compiling it?

Sorry, we do not provide such help - maybe someone else who has already done this can share the knowledge.


(Blason) #8

Ok - No issues thanks for the help!!

