Hello all, I’m new to Graylog and I have a controller that sends me the log as below. I’m able to extract the fields from the first line, but then I don’t know how to do so for the next lines, because there can be 1, 2, 3 or 4 of them (as per the example below); also, there are no fields indicating the number of lines.
Ideally I would need to split each message into individual messages. Is there a way to do that?
The controller decides to group them in an individual message, but in reality they are multiple individual messages with the same fields each.
[1658235227.150067043] AP MAC=d8:07:b6:a6:e1:04 MAC SRC=ec:8a:c4:0f:8a:aa IP SRC=192.168.250.141 IP DST=192.168.250.140 IP proto=6 SPT=55443 DPT=44144
[1658235227.160067043] AP MAC=d8:07:b6:a6:e1:04 MAC SRC=ec:8a:c4:0f:8a:aa IP SRC=192.168.250.141 IP DST=192.168.250.140 IP proto=6 SPT=55443 DPT=44144
[1658235228.480067043] AP MAC=d8:07:b6:a6:e1:04 MAC SRC=ec:8a:c4:0f:8a:aa IP SRC=192.168.250.141 IP DST=192.168.250.1 IP proto=17 SPT=51120 DPT=53
[1658235228.530067043] AP MAC=d8:07:b6:a6:e1:04 MAC SRC=70:89:76:0c:f8:6b IP SRC=192.168.250.132 IP DST=255.255.255.255 IP proto=17 SPT=53860 DPT=6667
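An added example, not part of the original post: a Python sketch of the split described above, run outside Graylog (for instance as a pre-processing step before ingestion). It treats every bracketed timestamp as the start of a new record, so it does not need to know how many records the controller grouped. The function name, the normalised field names and the `parse_error` field are assumptions made for this illustration.

```python
import re

# Constructed sample: two records grouped in one message, in the format shown in the post.
SAMPLE = (
    "[1658235228.480067043] AP MAC=d8:07:b6:a6:e1:04 MAC SRC=ec:8a:c4:0f:8a:aa "
    "IP SRC=192.168.250.141 IP DST=192.168.250.1 IP proto=17 SPT=51120 DPT=53\n"
    "[1658235228.530067043] AP MAC=d8:07:b6:a6:e1:04 MAC SRC=70:89:76:0c:f8:6b "
    "IP SRC=192.168.250.132 IP DST=255.255.255.255 IP proto=17 SPT=53860 DPT=6667"
)

# A record is a bracketed epoch timestamp plus everything up to the next "[".
RECORD = re.compile(r"\[(\d+\.\d+)\]\s*([^\[]*)")
# Keys may contain spaces ("AP MAC", "IP proto"); values never do.
PAIR = re.compile(r"([A-Za-z]+(?: [A-Za-z]+)*)=(\S+)")
EXPECTED = {"ap_mac", "mac_src", "ip_src", "ip_dst", "ip_proto", "spt", "dpt"}
NUMERIC = {"ip_proto", "spt", "dpt"}


def split_records(raw):
    """Return one dict per bracketed timestamp, however many the message holds."""
    records = []
    for ts, body in RECORD.findall(raw):
        # Keep the timestamp as a string: a float would lose the nanosecond digits.
        fields = {"timestamp": ts}
        for key, value in PAIR.findall(body):
            name = key.lower().replace(" ", "_")
            numeric = name in NUMERIC and value.isdigit()
            fields[name] = int(value) if numeric else value
        # Flag truncated or malformed records instead of silently dropping them.
        missing = EXPECTED - fields.keys()
        if missing:
            fields["parse_error"] = "missing: " + ", ".join(sorted(missing))
        records.append(fields)
    return records


if __name__ == "__main__":
    for rec in split_records(SAMPLE):
        print(rec)
```

Each returned dict can then be sent to Graylog as its own message, so every record carries the same set of fields.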