Hi, I've got a question on extractors.
We have logs (syslog UDP) coming from our squid haproxy and the messages are not passing correctly. So, I tried creating regex extractors and it seems graylog is not accepting it. I know the regex expression I've created is working Regex: ^\d+\.\d+\s+(\d+)\s+([0-9\.]*)\s+([^/]+)/(\d+)\s+(\d+)\s+(\w+)\s+((?:([^:]*)://)?([^/:]+):?(\d+)?(/?[^ ]*))\s+(\S+)\s+([^/]+)/([^ ]+)\s+(.*)$ Regex testing website: http://regexr.com/ Sample Logs: 1447365423.828 13700 1.1.1.1 TCP_MISS/200 5415 CONNECT l.betrad.com:443 user1 HIER_DIRECT/54.235.126.158 - 1447365423.159 328672 2.2.2.2 TCP_MISS/200 22155 CONNECT 0-edge-chat.facebook.com:443 user2 HIER_DIRECT/179.60.193.3 - 1447365422.803 61957 3.3.3.3 TCP_MISS/200 6894 CONNECT nz-mg5.mail.yahoo.com:443 user3 HIER_DIRECT/203.84.216.121 - Am I missing any 'special' configuration within graylog? Thanks in advance. Milton -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c78fe6eb-355b-429d-bbc0-48c61c0cee1f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
