1. Describe your incident:
I’m using a UDP input to ingest a single log file from an Ubuntu server. The log entries look like this:
2026-03-30T16:17:16.528Z monitoring-agent ‘_er.16.expired.broken.mydomain.com.7._er.agent.mydomain.net/IN’
The input works, and the log is ingested, but now I’d like to be able to analyze the entries. I’d like to be able to parse the log entries into three fields: timestamp, agent name, and report string. I’d like to be able to search all three of these fields for matching log entries. I’ve read as much documentation as I can find, but I’m still unsure of how to proceed. I’ve created a stream, but it has no rules. How can I parse and analyze records from this log?
2. Describe your environment:
- OS Information: Ubuntu 24.04.4 LTS
- Package Version: Graylog Open 7.0.6-1
3. What steps have you already taken to try and solve the problem?
I’ve created a stream, but I’m unsure of how to add the needed rules.
4. How can the community help?
Describe how to parse the log entries and analyze the fields.