Grok Pattern line description

fnr67 · January 28, 2020, 12:28pm

localhost CROND[1979]: (root) CMD (run-parts /etc/cron.hourly)

How can I write this in the grok pattern path?

Ponet · January 28, 2020, 3:24pm

fnr67 · January 28, 2020, 3:58pm

I have a project that I should give tomorrow morning.
So I have to reach the direct result.Thanks for help.

shoothub · January 29, 2020, 7:56am

Try to use this:

%{SYSLOGHOST:logsource} %{PROG:program}(?:[%{POSINT:pid}])?: (%{USER:cron_user}) %{DATA:cron_action} (%{DATA:cron_message})

Great examples you can also find in:

system · February 12, 2020, 7:56am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok Pattern doesn't execute Graylog Central (peer support)	7	4194	January 22, 2018
I need some GROK Assistance Graylog Central (peer support)	2	308	October 28, 2021
Grok - Extractor Help Graylog Central (peer support)	7	447	June 7, 2021
Log Extractor Help Graylog Central (peer support) grok-patternspl	2	561	April 24, 2023
Grok pattern from documentation fails to match Graylog Central (peer support)	2	529	September 3, 2018