I’m trying to create a new Grok extractor for the following message:
03:22:40.734|User | 192.168.1.1| 127.0.0.1|(678): Error message goes here
This works in the Grok debugger, but when I put it in Graylog I get the following error: Check parameters
I have found where it doesn’t like it, between SourceIP} and |. When I remove everything after SourceIP it works. I put in GREEDYDATA and get:
| 127.0.0.1|(678): Error message goes here.
Do all referenced Grok patterns exist in your Graylog cluster? Check at System/Grok patterns.
Anything in the logs of your Graylog nodes?
All Grok patterns exist. Running 2.4.3
I can’t get to the logs in the server.
Omnibus Package version 2.4.0-rc.2 -
I get access denied when using the ubuntu username in the CLI.
Which one are you running?
You have to be root to access these files. You can use sudo to get root privileges as “ubuntu” user.
Sorry, I was in the middle of upgrading Graylog to the latest. So currently running 2.4.3
Log File last 50 lines
Grok Debugger Check
Please create a bug report at https://github.com/Graylog2/graylog2-server/issues and include the complete logs of your Graylog node(s), the failing Grok pattern, one or more example messages, and a content pack of all Grok patterns in your Graylog cluster (System/Content Packs/Create a content pack) or alternatively a dump of the “grok_patterns” collection in MongoDB.