Graylog stream extractor

Hi guys,
I'm trying to add an extractor on a stream (msg=“Gateway Anti-Virus Alert: (Cloud Id: 75044252) Browsefox-6628766-0 (Adware) blocked.”) and I want to extract from the full message only Adware, Trojan, ransomware, etc.)
I have tried many options but none of them is suitable.

Any idea how to extract only that specific word?

  1. You can create extractors on inputs; you can't do that on a stream.
  2. Use a regexp.

I already tried to create an extractor but, maybe because of my lack of knowledge, it doesn't work.

You can see many, many examples in the community.

Try to use this grok:

And read the doc to understand:

I have created a grok pattern like adware|ransomware|trojan etc. and then I have created an extractor on the full message with %{name_of_grok_pattern:action} and it worked.

Thanks for your inputs.
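The approach the thread settles on (a custom Grok pattern holding an alternation of threat classes, referenced from an extractor as %{PATTERN_NAME:field}) is shown below as an added, stand-alone example. It is not code from the thread or from Graylog: Graylog's Grok runs on Java regexes inside the server, while this script does the same expansion in Python so the behaviour can be tested offline. The pattern names THREAT_CLASS and PAREN_TEXT, the field name `action`, and every sample message except the one quoted in the original post are constructed for the illustration. It also shows the caveat a practitioner would want: a bare alternation matches the first listed word anywhere in the message, so anchoring it to the "(...) blocked" context, or capturing whatever is in those parentheses, is more robust.

```python
import re

# Constructed sample messages. Only the first is the message quoted in the
# original post; the rest are made up in the same format for illustration.
SAMPLE_MESSAGES = [
    "Gateway Anti-Virus Alert: (Cloud Id: 75044252) Browsefox-6628766-0 (Adware) blocked.",
    "Gateway Anti-Virus Alert: (Cloud Id: 10000001) Emotet-1234567-0 (Trojan) blocked.",
    "Gateway Anti-Virus Alert: (Cloud Id: 10000002) Locky-7654321-0 (Ransomware) blocked.",
    "Gateway Anti-Virus Alert: (Cloud Id: 10000003) Generic-0000001-0 (PUA) blocked.",
    "Gateway Anti-Virus Alert: (Cloud Id: 10000004) Trojan.Generic-0000002-0 (Adware) blocked.",
    "User admin logged in from 10.0.0.5",
]

# Custom Grok pattern definitions (NAME -> regex body). The names are
# hypothetical; the thread only says the pattern was "adware|ransomware|trojan etc".
# (?i:...) is a scoped case-insensitive group, so "Adware" and "adware" both match.
CUSTOM_PATTERNS = {
    "THREAT_CLASS": r"(?i:adware|ransomware|trojan|spyware|worm)",
    "PAREN_TEXT": r"[^()]+",
}

# %{NAME} or %{NAME:field}, the reference syntax used in Grok expressions.
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(grok_expr, patterns=CUSTOM_PATTERNS):
    """Expand %{NAME:field} references into a regex with named capture groups.

    Text outside the references (literal parens, 'blocked', ...) is kept as-is,
    which is how a Grok expression gains context around the pattern.
    """
    def expand(match):
        name, field = match.group(1), match.group(2)
        body = patterns[name]          # unknown pattern names raise KeyError
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return GROK_REF.sub(expand, grok_expr)


def extract(message, grok_expr):
    """Return the named fields the Grok expression extracts from one message."""
    match = re.compile(grok_to_regex(grok_expr)).search(message)
    return match.groupdict() if match else {}


def run_extractor(grok_expr, messages=SAMPLE_MESSAGES):
    """Apply one extractor expression to every sample; None where it does not match."""
    return [extract(m, grok_expr).get("action") for m in messages]


# 1. Bare alternation, as in the thread: matches the FIRST listed word anywhere in
#    the message, so the "Trojan." prefix of a malware name wins over "(Adware)".
BARE = "%{THREAT_CLASS:action}"

# 2. Same alternation anchored to the "(...) blocked" context, so only the
#    classification in parentheses before "blocked" is taken.
ANCHORED = r"\(%{THREAT_CLASS:action}\) blocked"

# 3. Context-only: capture whatever class the gateway reports, including ones
#    (PUA, ...) that were never added to the alternation list.
ANY_CLASS = r"\(%{PAREN_TEXT:action}\) blocked"

if __name__ == "__main__":
    for label, expr in (("bare", BARE), ("anchored", ANCHORED), ("any_class", ANY_CLASS)):
        print(f"{label:9s} -> {grok_to_regex(expr)}")
        for msg, action in zip(SAMPLE_MESSAGES, run_extractor(expr)):
            print(f"  {action!s:10s} {msg}")
```

Run it and compare the three columns: the bare alternation returns "Trojan" for the "Trojan.Generic ... (Adware)" message, while the anchored forms return "Adware". In Graylog the equivalent is to put the literal context (`\(` and `\) blocked`) around the %{...} reference in the extractor's Grok pattern, and to cover the capitalization the gateway actually uses, since Grok patterns are case-sensitive unless you say otherwise.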
