Graylog Community

Hello, I need help in search and extractors, the elasticsearch find more fields than they really are

Graylog Central (peer support)

alfa June 10, 2019, 10:38pm 1

If in one field of my message exist “,” for example:

misg=“XX=xxx, YY=tt, … ZZ=iii”

And the search shows for example misg, XX, YY, …, ZZ like a fields but the real field is misg.

How to remove the XX, YY, ZZ and show only misg? Or… How to show only the fields find for the extractors?

Regards

jan (Jan Doberstein) June 12, 2019, 1:25pm 2

Sorry @alfa

I do not get your question.

alfa June 12, 2019, 9:26pm 3

I have fields in one of my fields and Graylog recognizes them as fields to each of these, I do not know if I am expressing myself correctly

jan (Jan Doberstein) June 13, 2019, 7:19am 4

maybe you post a screenshot?

alfa June 20, 2019, 1:04pm 5

I found that I would to change something in Mongodb for this. Thanks for your time

jan (Jan Doberstein) June 21, 2019, 8:56am 6

sharing is caring - what did you do? Maybe someone else can learn?

system (system) Closed July 5, 2019, 8:56am 7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Regex Search in message / Chars like ", ==, <=, etc / Problem Graylog Central (peer support)	5	795	October 14, 2019
Best practice - unwanted field extraction Graylog Central (peer support)	7	1328	January 19, 2022
Fields shown in JSON extractor preview missing in processed messages Graylog Central (peer support)	2	1598	September 30, 2017
Searching on extracted fields Graylog Central (peer support)	3	488	October 4, 2019
Specific field not indexed correctly and search not working Graylog Central (peer support)	8	2567	November 12, 2020