So I just upgraded from 2.5.x to 3.0, and I believe I have some broken grok extractors, related to this issue: https://github.com/Graylog2/graylog2-server/issues/5704
I finally sorted out all the other warnings/errors in the Graylog server.log file. I believe that I only have issues related to pfSense log extraction. I deleted the two extractors (which may have now made things worse); both gave errors in the web UI and, when accessing the UI, produced the above error in the log. Unfortunately, the errors are still there even after a server restart. It looks like all my other inputs are fine, but my pfSense isn’t. It’s still capturing data, but it’s not transforming it in any way.
I’m not sure how to fix any of this, or if I can. I thought I had it figured out and that I’d be able to just remove those two extractors and the data would then be correctly parsed again. That is apparently not the case though.
Is there anything I can do myself? Can someone point me in the right direction? I don’t know how it can still be throwing the errors after I removed those two extractors.
If it helps, I used this guide to add the information to Grafana: hxxps://github.com/opc40772/pfsense-graylog (had to nerf the link due to being a “new user”).
Also, here is a log from a “clean” startup: https://hastebin.com/raw/eluqaresat