GROK Pattern fails to match

Hello -

I am having an issue in extracting my data from one of my logs using the GROK Pattern option. In https://grokdebug.herokuapp.com/, I was able to create a pattern that outputs what I am looking for, yet when I try that same pattern in Graylog, I get an error: “Attention We were not able to run the grok extraction. Please check your parameters.”

Here is an example logfile line:
"38.105.83.44","1611VruCr8X9b79","xxxxx","[13/Nov/2017:11:17:58 -0600]"

This is what works on the herokuapp site:
"%{IPV4:IP}","%{WORD:Session}","%{USERNAME:VUNetID}","%{SYSLOG5424SD:Timestamp}"

which fails on Graylog, so I tried %{HTTPDATE}, which also fails. Any suggestions and/or ideas??

Jamen McGranahan

Hej @jmcgranahan

You could add new patterns to Graylog. Just navigate to “System > Grok Patterns” and add the missing ones.

In addition, where did you try to use those patterns? Extractors or pipelines? Did you escape the " with \"?

regards
Jan
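
The two points raised in the reply can be checked offline. The following is an added example, not code from either poster or from Graylog: a minimal grok-to-regex expander in Python run against the sample line from the question. The pattern definitions are simplified stand-ins (an assumption, not Graylog's exact regexes), and `grok_to_regex`, `grok_match` and `PATTERNS` are hypothetical names. It shows the posted pattern matching the line, a variant that captures only the date inside the brackets, and that a reference to a pattern name missing from the pattern set fails before any matching happens.

```python
import re

# Simplified stand-ins for the stock grok definitions (assumption: not
# Graylog's exact regexes); only what the sample line needs.
PATTERNS = {
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "WORD": r"\b\w+\b",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "DATA": r".*?",
    "SYSLOG5424SD": r"\[%{DATA}\]+",
    "HTTPDATE": r"\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(expr, patterns=PATTERNS):
    """Expand %{NAME} / %{NAME:field} references into one regex string."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in patterns:
            raise KeyError(f"grok pattern not defined: {name}")
        inner = grok_to_regex(patterns[name], patterns)  # nested references
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(expand, expr)

def grok_match(expr, line, patterns=PATTERNS):
    """Return the named captures as a dict, or None when the line does not match."""
    m = re.search(grok_to_regex(expr, patterns), line)
    return m.groupdict() if m else None

# Constructed from the sample line in the thread (straight quotes).
LINE = '"38.105.83.44","1611VruCr8X9b79","xxxxx","[13/Nov/2017:11:17:58 -0600]"'
EXPR = '"%{IPV4:IP}","%{WORD:Session}","%{USERNAME:VUNetID}","%{SYSLOG5424SD:Timestamp}"'
# Same layout, but capturing only the date inside the literal brackets.
EXPR_DATE = '"%{IPV4:IP}","%{WORD:Session}","%{USERNAME:VUNetID}","\\[%{HTTPDATE:Timestamp}\\]"'

if __name__ == "__main__":
    print(grok_match(EXPR, LINE))
    print(grok_match(EXPR_DATE, LINE))
    # A pattern set without SYSLOG5424SD fails during expansion.
    reduced = {k: v for k, v in PATTERNS.items() if k != "SYSLOG5424SD"}
    try:
        grok_match(EXPR, LINE, reduced)
    except KeyError as exc:
        print("error:", exc)
```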
