Regex's extractor doesn't going well

Hey there I need ur help plssss :)), I’ve tried to make an extractor to extract my fortigate’s logs using regex. I want to grep value of crlevel field with any criteria, but in the preview it’s just crlevel with “high” value is noted (there’s 4 type of value, it’s “critical”, “high”, “medium”, “low”). So it’s all, I wish someone can help me solve this problem. There’s the pict included based on preview.
extractor :

“title”: “FortiGate Severity”,
“extractor_type”: “regex”,
“converters”: ,
“order”: 0,
“cursor_strategy”: “copy”,
“source_field”: “message”,
“target_field”: “FGT_Severity”,
“extractor_config”: {
“regex_value”: “crlevel=\"(\w+)\"”
“condition_type”: “none”,
“condition_value”: “”
“version”: “5.0.3”

Have your tried this? This regex should extract the value of the “crlevel” field: crlevel="(\w+)" .

I hope this helps.

Yes, I have. but it’s still the same, its just grep “high” value for crlevel, and the others considered as empty value which is actually have another value like “critical” and “medium”

1 Like


I hve Fortigate Firewalls

Are you trying to Graph the “LEVEL” (i.e, “critical”, “high”, “medium”, “low”) on the Graph? If this is correct here is mine.


Here it is with a pie chart.


Not sure what you did. Looks like your exetracting the Level Info into a field and displaying it, Is this correct?

Example, here part of the log file

subtype=“local” level=“notice” vd=“The-Lab” eventtime=1675808723 srcip= srcport=138 srcintf=“”


I barely seen this in the picture.
What happens when you remove the command in the search bar? shown here


The reason i ask is if the field is already create to extrac the LEVEL info then that all you need to create you widget.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.