Hi
I was trying to optimize my SonicWall extractors by switching to the k=v 
extractor instead of using regex to extract fields. The log format is as 
follows:
id=firewall sn=xxxxxxxxxxxxx time="2015-03-31 08:18:18 UTC" fw=a.b.c.d 
pri=6 c=1024 m=97 n=3902070 src=ip:port:iface:hostname 
dst=ip:port:iface:hostname proto=tcp/http op=GET sent=1286 rcvd=2129 
result=200 dstname=googleads.g.doubleclick.net arg=/http/args code=64 
Category="Not Rated"
and only the Category and time fields are extracted to Graylog fields. Am I 
doing something wrong? (It's the second extractor in the queue; the first just 
copies gl2_remote_ip to the source field.) Is this any kind of standard, expected 
behaviour in Graylog? I haven't found any relevant issue on Graylog's 
GitHub issue tracker and I'm not sure I should file one.
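
For comparing against what the extractor produces, here is an added example (not part of the original post and not Graylog's extractor code): a reference parser for the key=value line above that handles quoted values containing spaces and reports which fields an extractor left out. The function names and the IPv4-only split of src/dst are assumptions.

```python
import re

# Constructed sample: the line from the post, placeholders kept as posted.
SAMPLE = ('id=firewall sn=xxxxxxxxxxxxx time="2015-03-31 08:18:18 UTC" fw=a.b.c.d '
          'pri=6 c=1024 m=97 n=3902070 src=ip:port:iface:hostname '
          'dst=ip:port:iface:hostname proto=tcp/http op=GET sent=1286 rcvd=2129 '
          'result=200 dstname=googleads.g.doubleclick.net arg=/http/args code=64 '
          'Category="Not Rated"')

# A key at a token boundary, '=', then either a double-quoted value (spaces and
# backslash escapes allowed) or a bare value running to the next whitespace.
PAIR = re.compile(r'(?<!\S)([A-Za-z_][\w.-]*)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_kv(line):
    """Return (fields, leftover): parsed pairs plus any text that is not key=value."""
    fields, leftover, pos = {}, [], 0
    for m in PAIR.finditer(line):
        gap = line[pos:m.start()].strip()
        if gap:
            leftover.append(gap)  # e.g. the tail of a value with an unclosed quote
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
        pos = m.end()
    tail = line[pos:].strip()
    if tail:
        leftover.append(tail)
    return fields, leftover

def split_endpoint(value):
    """Split a src/dst value of the form ip:port:iface:hostname (assumes IPv4)."""
    names = ("ip", "port", "iface", "hostname")
    return dict(zip(names, value.split(":", 3)))

def missing_fields(expected, extracted):
    """Keys in the reference parse that an extractor's output does not contain."""
    return sorted(set(expected) - set(extracted))

if __name__ == "__main__":
    fields, leftover = parse_kv(SAMPLE)
    # The post reports that only these two fields reached Graylog.
    reported = {k: fields[k] for k in ("time", "Category")}
    print(len(fields), "fields parsed; leftover:", leftover)
    print("missing from extractor output:", missing_fields(fields, reported))
    print("src parts:", split_endpoint(fields["src"]))
```

A non-empty leftover list points at text the key=value grammar could not account for, which is the first thing to check when a line parses only partially.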
