I'm looking at using Graylog2 for a pretty specific project. It's only going to about 10 different types of log files, but I need to get extremely specific within those log files. I also do not have the ability to change the format of the logs. The logs come as tab delimited and contain a header section.
I'm trying to use the CSV to fields converter, but I keep getting the feeling that it doesn't do what I think it does. Is there a way to pass Graylog2 a bunch of headers and to tell it what fields are what, and then have it parse them? For example, I'd really like to parse the following:

#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_cc resp_cc sensorname
1401997562.606254 C17WYF4RAfPEzCDg23 10.246.50.7 137 10.246.50.255 137 udp dns 4.180676 300 0 S0 T 0 D 6 468 00 (empty) - - so-test-eth0
1401997536.549391 CLaDQnmYfW34xG7Bd 10.246.50.11 123 204.235.61.9 123 udp - 0.046794 0 48 SHR T 0 Cd 0 0 176 (empty) - US so-test-eth0
1401997550.087390 CavY0m1XCa42ydnBO1 10.246.50.32 68 255.255.255.255 67 udp dhcp - - - S0 T 0 D 1 328 0 0(empty) - - so-test-eth0
1401997479.316667 C5oU7l4fRLIZXNlaJf 10.246.50.32 57059 239.255.255.250 1900 udp - 74.496845 1596 0 S0 T 0 D 12 193200 (empty) - - so-test-eth0

I know that I can manually define out these fields and then craft regular expressions for each of them, however, I'm trying to avoid that.
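As an added illustration (not Graylog code and not the poster's), this is what a header-driven parser for the Bro-style log above has to do: take the field names from the `#fields` line, refuse rows whose column count does not match it, and map the format's `-` (unset) and `(empty)` markers to real values. The sample is a constructed copy of the post's first two records with the tabs restored, plus one deliberately short line; `gelf_field_name` assumes the receiving Graylog input wants underscore-prefixed, dot-free additional field names.

```python
"""Parse a Bro/Zeek-style tab-separated log using its '#fields' header.

Added example for this thread, not Graylog code. Field names and the two
full records are the ones quoted in the post, re-typed as a constructed
sample with real tabs; '-' and '(empty)' handling follows the Bro log format.
"""
import re

UNSET = "-"        # Bro writes '-' for an unset field
EMPTY = "(empty)"  # and '(empty)' for an empty set/vector

SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\tlocal_orig\tmissed_bytes"
    "\thistory\torig_pkts\torig_ip_bytes\tresp_pkts\tresp_ip_bytes"
    "\ttunnel_parents\torig_cc\tresp_cc\tsensorname",
    "1401997562.606254\tC17WYF4RAfPEzCDg23\t10.246.50.7\t137\t10.246.50.255\t137"
    "\tudp\tdns\t4.180676\t300\t0\tS0\tT\t0\tD\t6\t468\t0\t0\t(empty)\t-\t-\tso-test-eth0",
    "1401997536.549391\tCLaDQnmYfW34xG7Bd\t10.246.50.11\t123\t204.235.61.9\t123"
    "\tudp\t-\t0.046794\t0\t48\tSHR\tT\t0\tCd\t0\t0\t1\t76\t(empty)\t-\tUS\tso-test-eth0",
    "1401997550.087390\tCavY0m1XCa42ydnBO1\tshort\tline",  # constructed: wrong column count
])


def parse_bro_log(text):
    """Return (records, skipped): one dict per data line keyed by the '#fields'
    names, plus the count of lines dropped because no header had been seen or
    the column count did not match it. A mis-aligned row would silently put a
    responder IP into the wrong field, so it is better refused than guessed."""
    fields, records, skipped = None, [], 0
    for line in text.splitlines():
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]   # header names, minus the tag
            continue            # #separator, #types, #close ... carry no data
        if not line:
            continue
        cols = line.split("\t")
        if fields is None or len(cols) != len(fields):
            skipped += 1
            continue
        rec = {}
        for name, value in zip(fields, cols):
            rec[name] = None if value == UNSET else [] if value == EMPTY else value
        records.append(rec)
    return records, skipped


def gelf_field_name(name):
    """Map a Bro field name to a GELF additional-field name: prefix '_' and
    flatten dotted names such as 'id.orig_h' (assumption: no dots accepted)."""
    return "_" + re.sub(r"[^\w]", "_", name)


if __name__ == "__main__":
    recs, dropped = parse_bro_log(SAMPLE_LOG)
    for r in recs:
        print({gelf_field_name(k): v for k, v in r.items() if v is not None})
    print("dropped lines:", dropped)
```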