Hi Community, Im new to graylog, Im having a challange to extract the following using the grok pattern, Im trying to extract the component to a new field.
%{GREEDYDATA}\s+%{GREEDYDATA:COMPONENT}
sample Data :
DURATION PAGE_URL TIMESTAMP_DERIVED COMPONENT
206 14507.0 /lightning/cmp/vlocity_cmt__vlocityLWCOmniWrap… 2024-08-14T12:15:47.096Z c:dfacPQCreateOrderEnglish
207 5352.0 /lightning/cmp/vlocity_cmt__vlocityLWCOmniWrap… 2024-08-14T12:16:00.937Z c:dfacPQCreateOrderEnglish
227 7018.0 /lightning/cmp/vlocity_cmt__vlocityLWCOmniWrap… 2024-08-14T12:28:07.179Z c:dfacPQCreateOrderEnglish
It looks good on Grok Debugger but on Graylog im getting this error :
Errors: Unknown function message in line 9 pos 29 mismatched input ‘’ expecting {‘)’, ‘[’, ‘,’, ‘.’, ‘+’, ‘-’, ‘‘, ‘/’, ‘%’, ‘<=’, ‘>=’, ‘>’, ‘<’, ‘==’, ‘!=’, And, Or} Missing required parameter value of type String in call to function grok in line 7 pos 34 extraneous input ‘%’ expecting {’(‘, ‘[’, ‘{’, ‘+’, ‘-’, Not, ‘$message’, Boolean, Integer, Float, Char, String, Identifier} token recognition error at: ‘"%{GREEDYDATA}\s’ Undeclared variable COMPONENT in line 8 pos 41 mismatched input ‘“,\n value: to_string($message.”’ expecting {’)', ‘[’, ‘,’, ‘.’, ‘+’, ‘-’, '’, ‘/’, ‘%’, ‘<=’, ‘>=’, ‘>’, ‘<’, ‘==’, ‘!=’, And, Or} token recognition error at: ‘")\n);\nset_fields(\n fields: gl2_fragment_grok_results\n);\nend’ Expected type String for argument pattern but found Map in call to function grok in line 7 pos 34