Grok Pattern line description

fnr67 · January 28, 2020, 12:28pm

localhost CROND[1979]: (root) CMD (run-parts /etc/cron.hourly)

How can I write this in the grok pattern path?

Ponet · January 28, 2020, 3:24pm

fnr67 · January 28, 2020, 3:58pm

I have a project that I should give tomorrow morning.
So I have to reach the direct result.Thanks for help.

shoothub · January 29, 2020, 7:56am

Try to use this:

%{SYSLOGHOST:logsource} %{PROG:program}(?:[%{POSINT:pid}])?: (%{USER:cron_user}) %{DATA:cron_action} (%{DATA:cron_message})

Great examples you can also find in:

system · February 12, 2020, 7:56am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can we create pipline in graylog for multiple GROK pattern? Graylog Central (peer support)	1	251	December 25, 2020
Parsing AIDE outputs Graylog Central (peer support)	1	559	March 13, 2019
Give access to Grok filter Graylog Central (peer support)	3	362	November 13, 2020
How to run grok configuration in Graylog Graylog Central (peer support)	2	224	May 29, 2021
Basic, basic tutorial Graylog Central (peer support)	1	3085	August 16, 2017