Grok pattern from documentation fails to match

hlm · August 17, 2018, 10:28am

Hello everybody,

i am helpless. I just installed graylog and want to make a simple test with grok pattern. I am using the example from the documentation:

message:
len=50824 src=172.17.22.108 sport=829 dst=192.168.70.66 dport=513
Grok pattern:
len=%{NUMBER:length} src=%{IP:srcip} sport=%{NUMBER:srcport} dst=%{IP:dstip} dport=%{NUMBER:dstport}

The pattern doesnt match in the Extractor configuration. The pattern %{DATA} also doesnt match. Can anyone tell me what i am doing wrong?

Update: ive also tried regular expressions. Nothing works. It seems that somethings wrong with my installation but i cant figure out what.

Update2: it seems that the message i sent via Java-Socket was not correct! Problem ist solved!

Thanks!

rivera · August 20, 2018, 4:39pm

In case you weren’t aware, there’s a great GROK debugger that can help develop and test out your GROK patterns in the future.

https://grokdebug.herokuapp.com/

system · September 3, 2018, 4:39pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GROK Pattern fails to match Graylog Central (peer support)	2	1270	November 28, 2017
Grok Pattern Extractor Error Graylog Central (peer support)	5	1446	July 14, 2021
Grok Pattern doesn't execute Graylog Central (peer support)	7	4200	January 22, 2018
Not able to use Grok pattern in Graylog but works in extractor Graylog Central (peer support) grok-patternspl	4	232	June 19, 2024
Grok Pattern ExtractorNot Extracting Graylog Central (peer support)	7	1106	March 14, 2019

Grok pattern from documentation fails to match

Related topics