I am attempting to create an extractor. So far, so good, however there are two options that do not appear in documentation and I do not understand what they do.
- Named captures only
- Extraction strategy
Q: What do these options do?
welcome to the community. Named captures only is for Grok based extractors. This means that you will get only fields extracted that you give a name and not all possible matched fields.
Examples first with Named captures only unchecked and second with checked.
(I have used https://grokdebug.herokuapp.com/ for this)
It is very likely that you want the second option!
Docs https://docs.graylog.org/en/3.2/pages/extractors.html#using-grok-patterns-to-extract-data
for Extraction strategy - what is your exact question that is not answered by the text below that field?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.