Regular expression + Json Extractor not working?

Hi guys im having some trouble Im triying to extract json from this code, tried default json with default values and nothing seems to happen.

{"event_type":"Threat_Event","ipv4":"172.16.15.201","hostname":"pruebas1-w10","source_uuid":"cd3e0cd1-05ed-46e6-946d-289aa8208c8b","occured":"25-Mar-2021 08:53:56","severity":"Warning","threat_type":"test file","threat_name":"Eicar","scanner_id":"HTTP filter","scan_id":"virlog.dat","engine_version":"23021 (20210325)","object_type":"file","object_uri":"https://secure.eicar.org/eicar.com","action_taken":"connection terminated","threat_handled":true,"need_restart":false,"username":"PRUEBAS1-W10\\usuario","processname":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","circumstances":"Event occurred during an attempt to access the web.","hash":"3395856CE81F2B7382DEE72602F798B642F14140"}

Im using Graylog v4.0.5+d95b909
I have follwed this post JSON extractor not working? but when I try regex extractor and press try nothing seems to happen, neither error neither extract, any clues?

This is how it shows up as imput

graylog1762×818 8.68 KB

in my case i used regex extractor to remove some leading bytes that broke json extractor, then i just used json extractor and it works, eset server just sends kinda broken json

my regex extractor wasnt working properly I restarted service and now seems to work, when i did press try nothing would show up so I guess it was bugged out or something.

Ty for you response ill try now again

EDIT: Tried with ^\uFEFF(\{.*\}) which is the one you shared, but also you said you messed up order, can you share yours if you sill using them ? @maniel

EDIT2: In the end it ended up working, I used ({.*}) as regex extractor which i did try before but did not work, unlucky I guess.

Regradless, thanks for your help.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.