Hi,
I have created a simple input extractor in Grok to filter the port number from my syslog msg. It is working in Try example, but not working in search.
My Grok pattern: %{GREEDYDATA} port%{INT:Port}
My Partial Message 1: “0000:0b:00.0 port2: NIC Down”
This Grok pattern is working fine in the online testers. Also, under the search, this was working for another message type as below:
My Partial Message 2: “SysMon: port1:port1 to alias_map”
Also, I did the same with Regex, and it gave me the same results. It is working with all others, but not with message1.
Please help me figure out the issue with my message1.