Rexgex Extractor - for pfsense devices

derPhlipsi · March 9, 2017, 9:48am

Hey,

here are two solutions:

Solution 1: Getting all fields:

Two Extractors, first a GROK to remove syslog-header (actually, why is it in there?), second a Copy-Input with csv-converter.

The GROK Extractor:

The Copy-Input with CSV To Fields converter
Note: In the field names attribute, there are 29 fields needed, since the csv is 29 columns wide. Use appropriate names if they are known for better readability.

This is the result:

Solution 2: Only 20th (n th) field.

Use a Split and Index Extractor, that splits on “,” (comma) and set the target index to 20.

The result:

Greetings - Phil

PS: For your convenience: value1,value2,value3,value4,value5,value6,value7,value8,value9,value10,value11,value12,value13,value14,value15,value16,value17,value18,value19,value20,value21,value22,value23,value24,value25,value26,value27,value28,value29

Topic		Replies	Views
Extractor using CSV converter for space delimited messages? Graylog Central (peer support)	6	3874	December 24, 2018
Extractor help needed Graylog Central (peer support)	2	818	March 15, 2021
Extractor works in test but not on message Graylog Central (peer support)	6	929	March 3, 2019
Extractor dont'works Graylog Central (peer support)	4	346	May 27, 2020
Trouble with CSV Converter Graylog Central (peer support)	1	580	June 3, 2020

Rexgex Extractor - for pfsense devices

Solution 1: Getting all fields:

Solution 2: Only 20th (n th) field.

Related topics