Unable to parse valid json fileld using input extractor

pradip.d · June 22, 2021, 9:16pm

I am trying to extract a JSON field which is a valid json but input extrator unable to extract field out of it and saying “Nothing will be extracted”,
What is happenning, All the value is getting extracted automatically except “host”, which is the first value.

Sample Logs:
[{"value":"some.host.name","name":"host"},{"value":"\" Not;A Brand\";v=\"99\", \"Google Chrome\";v=\"91\", \"Chromium\";v=\"91\"","name":"sec-ch-ua"},{"value":"1","name":"dnt"},{"value":"?0","name":"sec-ch-ua-mobile"},{"value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36","name":"user-agent"},{"value":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","name":"accept"},{"value":"same-origin","name":"sec-fetch-site"},{"value":"no-cors","name":"sec-fetch-mode"},{"value":"image","name":"sec-fetch-dest"},{"value":"https://Some.url.and/path","name":"referer"},{"value":"gzip, deflate, br","name":"accept-encoding"},{"value":"en-US,en;q=0.9","name":"accept-language"}]

dscryber · July 1, 2021, 6:32pm

Welcome to the community, Pradip! We’re glad you’ve joined us.

Moving your question to Daily Challenges to increase the liklihood of responses to your post. Have you looked that this. Let me know if it helps:

github.com/Graylog2/graylog2-server

JSON Extractor doesn't work with ESET Syslog

opened 11:37AM - 29 Jan 20 UTC

qarmin

bug triaged

Hi, I'm tried to extract JSON message sended by ESET with builtin JSON Extract…or, but I'm unable to do this. I'm getting from Eset ESMC syslogs log which have in message field this `{"event_type":"Audit_Event","ipv4":"www","hostname":"asfasfaas","source_uuid":"fase4b96","occured":"29-Jan-2020 09:50:07","severity":"Information","domain":"Domain group","action":"Logout","target":"wfe56615b","detail":"Logging out domain user 'asf.asf'.","user":"asf.asf","result":"Success"}` This message should be properly extracted to multiple fields, but I have each time only `Nothing will be extracted` message. ![12](https://user-images.githubusercontent.com/41945903/73353534-d33f7b00-4293-11ea-9434-a22bf720175c.png) ## Steps to Reproduce (for bugs) 1. Configure Eset 7 ESMC to send JSON Syslogs 2. Create input in Graylog 3. Wait to first log message 4. Try to create JSON extractor(Just try to get properly text when clicking at "Try" button) ## Your Environment * Graylog Version: 3.2.0-3.beta.3 * Elasticsearch Version: 6.8.6-1 * MongoDB Version: 4.0.14-1.el7 * Operating System: CentOS 7 * Browser version: Firefox 72.0.2

shoothub · July 1, 2021, 9:15pm

Hi @pradip.d,
please be more verbose, where is your problem because it’s not very clear. Please post example (screenshot) which fields were extracted and which not.

Anyway that json is very strange, please post what you want to extract, which fields and in which format, please send example.

system · July 15, 2021, 9:16pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JSON extractor not working Graylog Central (peer support) pipeline-rules	10	6166	August 22, 2020
JSON Extractor stops messages from showing up in input Graylog Central (peer support)	9	1138	August 10, 2022
JSON extractor not working? Graylog Central (peer support)	5	4869	September 24, 2018
Can't extract from JSON Graylog Central (peer support) pipeline-rules	5	2105	September 7, 2020
Trying to configure a json extractor but get nothing to extract message Miscellaneous	1	440	June 20, 2023

Unable to parse valid json fileld using input extractor

Related topics