Hi there I have a whole bunch of extractors and in general they work just fine. However, I was just doing a search and got a surprising result back, and when I dug into it discovered events that a month-old extractor should have run on had failed to do so. ie I have extractors that create new fields, and identical records do not trigger the same field creation.
If I manually load such a "skipped" event into the extractor wizard, it demonstrates that it wants to extract the field - but in reality had failed to do so There's no evidence of a load problem, and the extractors are definitely working - just not 100% of time... What could be behind this inconsistency? Could it be previous extractors? Frankly I'm not even sure what happens - if "extractor 3" matches, does "extractor 7" still get compared? This is CentOS-7, with graylog-server-2.0.2-1/elasticsearch-2.3.3-1 Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAFChrgJPYheNn3PEx-ojs-%2BxUs_HTiAdA9B79xo4UDjrXAeVvQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
