How to start with GROK? KEA DHCP Logs

Hi!
Totally new here with graylog and GROK patterns.
I already have Graylog 6.1 running with Docker and collecting logs from my DHCP server (Kea).
Now I'm trying to extract fields, but I'm kind of lost here. First, I need to extract the first field from the message and then decide which way to go. I mean, if the message contains DHCP4_LEASE_ALLOC, use extractor X; if the message contains DHCP4_PACKET_SENT, use extractor Y. How can I do this?

And the second question: where can I find more info about GROK patterns? I was trying to figure out how to use the GROK Debugger, but I could not even get the second field to be parsed.

Here are some samples and tests that I've made to parse this message using GROK.
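A worked version of the two-step approach asked about above (read the message ID first, then apply a per-type pattern), written in Python with named regex groups, which play the same role as Grok's `%{PATTERN:field}` captures. This is an added example, not code from the original post or from Graylog/Kea; the Kea log layout (timestamp, level, logger, message ID, text) and the sample lines are assumptions constructed for it, so the patterns will need adjusting to the real log output.

```python
import re

# Assumed Kea dhcp4 log layout (an assumption, not taken from the post):
# "<timestamp> <LEVEL> [<logger>/<pid>.<tid>] <MSGID> <message text>"
KEA_HEADER = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+"
    r"(?P<msgid>DHCP4_[A-Z_]+)\s+(?P<rest>.*)$"
)

# Common prefix of the message text: client identification, then a colon.
CLIENT = (r"\[hwtype=(?P<hwtype>\d+) (?P<mac>[0-9a-f:]{17})\], "
          r"cid=\[(?P<cid>[^\]]*)\], tid=(?P<tid>0x[0-9a-f]+): ")

# One pattern per message ID: this is the "extractor X / extractor Y" choice.
DETAIL_PATTERNS = {
    "DHCP4_LEASE_ALLOC": re.compile(
        CLIENT + r"lease (?P<lease_ip>[\d.]+) has been allocated "
        r"for (?P<lease_seconds>\d+) seconds"),
    "DHCP4_PACKET_SENT": re.compile(
        CLIENT + r"trying to send packet (?P<pkt_type>[A-Z]+) "
        r"\(type (?P<pkt_type_num>\d+)\) from (?P<src>[\d.]+:\d+) "
        r"to (?P<dst>[\d.]+:\d+) on interface (?P<iface>\S+)"),
}

def parse_kea_line(line):
    """Return extracted fields as a dict, or None for a non-Kea line."""
    m = KEA_HEADER.match(line)
    if not m:
        return None
    fields = m.groupdict()
    rest = fields.pop("rest")
    detail = DETAIL_PATTERNS.get(fields["msgid"])
    if detail and (dm := detail.match(rest)):
        fields.update(dm.groupdict())
    else:
        # Unknown message ID or unexpected text: keep the tail, drop nothing.
        fields["detail"] = rest
    return fields

# Constructed sample lines in the assumed layout (not real server output).
SAMPLE_LINES = [
    "2024-05-02 10:15:30.123 INFO  [kea-dhcp4.leases/1234.140001] DHCP4_LEASE_ALLOC "
    "[hwtype=1 08:00:27:25:d3:f4], cid=[no info], tid=0xbd4b1e2: "
    "lease 192.0.2.10 has been allocated for 3600 seconds",
    "2024-05-02 10:15:30.124 DEBUG [kea-dhcp4.packets/1234.140001] DHCP4_PACKET_SENT "
    "[hwtype=1 08:00:27:25:d3:f4], cid=[no info], tid=0xbd4b1e2: "
    "trying to send packet DHCPACK (type 5) from 192.0.2.1:67 to 192.0.2.10:68 on interface eth0",
    "2024-05-02 10:15:31.000 INFO  [kea-dhcp4.dhcp4/1234.140001] DHCP4_SHUTDOWN server shutdown",
]
```

Run `parse_kea_line` over `SAMPLE_LINES` to see the per-type fields; a line whose message ID has no pattern still yields the header fields plus the raw text in `detail`.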
