Grok and Regex Input Extractors working in Try Example, not working in Search

Hi,

I have created simple input extractor in Grok to filter port number from my syslog msg. It is working in Try example, but not working in search.
My Grok pattern: %{GREEDYDATA} port%{INT:Port}
My Partial Message 1: “0000:0b:00.0 port2: NIC Down”

This Grok pattern is working fine in the online testers. Also, under the search, this was working for another message type as below:
My Partial Message 2: “SysMon: port1:port1 to alias_map”

Also, I did the same with Regex, it gave me the same results. Working with all others, but not with message1.

Please help to figure out the issue with my message1.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.