Grok parser for my below stuff not working

blason · November 10, 2018, 9:24am

HI Team,

I am trying to parse below line but seems this is not working. Can someone please help?

[2018-11-10 12:48:04] [2236] [http_80_tcp 3327] [192.168.1.2:53234] info: Request URL: http://192.168.1.39/test.doc

%{TIME:TIME}%{SPACE:SPACE}%{INT:port}

blason · November 10, 2018, 10:10am

OK I managed to resovle it…

jan · November 11, 2018, 6:02pm

sharing might be helpful for others - thank you.

blason · November 12, 2018, 2:22am

Oh sure, will share the parser.

blason · November 12, 2018, 9:03am

Here was the parser

   %{TIME:TIME}\] \[%{INT:PID}\] \[%{WORD:PORT} %{WORD:IGNORE}\] \[%{IPV4:IP}:%{INT:SRCPORT}\] %{WORD:TYPE}: %{WORD:METHOD} %{WORD:RESOURCE}: %{URI:URL}

system · November 26, 2018, 9:03am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok - Extractor Help Graylog Central (peer support)	7	402	June 7, 2021
Grok performance problem (max length ?) Graylog Central (peer support)	7	1018	March 10, 2020
Extractors not working Graylog Central (peer support) timestamp	7	970	May 18, 2022
Grok and Regex Input Extractors working in Try Example, not working in Search Graylog Central (peer support)	1	452	May 21, 2020
Grok pattern from documentation fails to match Graylog Central (peer support)	2	490	September 3, 2018

Grok parser for my below stuff not working

Related Topics