Hi everyone,
I’m currently working my way through pipelines and I have an issue with log messages looking like this:
2019-01-30 13:36:13.694640 W [9100:puma 015] API – Very important message from the API.
My Grok pattern so far:
%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{NOTSPACE} %{NOTSPACE:class_name} – %{GREEDYDATA:message}
This pattern is working on this grok test site (http://grokconstructor.appspot.com) but not in Graylog. If I remove the double hyphen from the Grok pattern like so:
%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{NOTSPACE} %{NOTSPACE:class_name} %{GREEDYDATA:message}
then Graylog starts to parse the messages, but of course every message has a leading “–”.
I’m testing this with the built-in simulator from Graylog.
Does someone have a clue why Graylog Grok patterns don’t like the double hyphen?
Thanks in advance!