Problems with log message containing a double hyphen

Hi everyone,

I’m currently working my way through pipelines and I have an issue with log messages looking like this:

2019-01-30 13:36:13.694640 W [9100:puma 015] API – Very important message from the API.

My Grok pattern so far:

%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{NOTSPACE} %{NOTSPACE:class_name} – %{GREEDYDATA:message}

This pattern is working on this grok test site (http://grokconstructor.appspot.com) but not in Graylog. If I remove the double hyphen from the Grok pattern like so:

%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{NOTSPACE} %{NOTSPACE:class_name} %{GREEDYDATA:message}

then Graylog starts to parse the messages, but of course every message has a leading “–”.

I’m testing this with the built-in simulator from Graylog.

Does someone have a clue why Graylog Grok patterns don’t like the double hyphen?

Thanks in advance!
