Graylog Community

Hello, I need help in search and extractors, the elasticsearch find more fields than they really are

Graylog Central (peer support)

alfa June 10, 2019, 10:38pm 1

If in one field of my message exist “,” for example:

misg=“XX=xxx, YY=tt, … ZZ=iii”

And the search shows for example misg, XX, YY, …, ZZ like a fields but the real field is misg.

How to remove the XX, YY, ZZ and show only misg? Or… How to show only the fields find for the extractors?

Regards

jan (Jan Doberstein) June 12, 2019, 1:25pm 2

Sorry @alfa

I do not get your question.

alfa June 12, 2019, 9:26pm 3

I have fields in one of my fields and Graylog recognizes them as fields to each of these, I do not know if I am expressing myself correctly

jan (Jan Doberstein) June 13, 2019, 7:19am 4

maybe you post a screenshot?

alfa June 20, 2019, 1:04pm 5

I found that I would to change something in Mongodb for this. Thanks for your time

jan (Jan Doberstein) June 21, 2019, 8:56am 6

sharing is caring - what did you do? Maybe someone else can learn?

system (system) Closed July 5, 2019, 8:56am 7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Deleted fields still appear in search Graylog Central (peer support)	12	686	January 17, 2022
Remove some fields from message Graylog Central (peer support)	7	1330	August 25, 2022
Regex Search in message / Chars like ", ==, <=, etc / Problem Graylog Central (peer support)	5	1038	October 14, 2019
Best practice - unwanted field extraction Graylog Central (peer support)	7	1594	January 19, 2022
Changing the Extractors field mapping Graylog Central (peer support)	2	651	February 21, 2019