GROK Pattern fails to match


(Jamen Mc Granahan) #1

Hello -

I am having an issue in extracting my data from one of my logs using the GROK Pattern option. In https://grokdebug.herokuapp.com/, I was able to create a pattern that outputs what I am looking for, yet when I try that same pattern in Graylog, I get an error: “Attention We were not able to run the grok extraction. Please check your parameters.”

Here is an example logfile line:
“38.105.83.44”,“1611VruCr8X9b79”,“xxxxx”,"[13/Nov/2017:11:17:58 -0600]"

This is what works on the herokuapp site:
"%{IPV4:IP}","%{WORD:Session}","%{USERNAME:VUNetID}","%{SYSLOG5424SD:Timestamp}"

which fails on Graylog, so I tried %{HTTPDATE}, which also fails. Any suggestions and/or ideas??

Jamen McGranahan


(Jan Doberstein) #2

Hej @jmcgranahan

you could add new Patterns to Graylog. Just navigate to “System > Grok Patterns” and add the missing.

In Addition where did you tried to use those patterns? Extractors or Pipelines? Did you escape the " with \"

regards
Jan


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.