[graylog2] Re: Grok Pattern not working

2015-12-01 Thread Jochen Schalanda
Hi Matthew,

what exactly does "not working" mean? What kind of message are you trying 
to match with this grok pattern? Did you import or create all referenced 
grok patterns in Graylog?

Additionally there might be a problem with the "timestamp" field if it 
doesn't match the timestamp format used by Graylog.


Cheers,
Jochen

On Tuesday, 1 December 2015 09:05:08 UTC+1, Matthew Simon wrote:
>
> Hi Guys 
>
> Maybe someone can point out where I'm going wrong with my Grok pattern here?
>
> (?:%{SYSLOGTIMESTAMP:timestamp}|%TIMESTAMP_ISO8601:timestamp8601})(?:%{SYSLOGHOST:logsource})
>  
> (?:%{YEAR}): (?:%{MONTHNUM}):(?:%{MONTHDAY})-
> (?:%{HOUR}):(?:%{MINUTE}):(?:%{SECOND})
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a95719c8-1819-4b80-b3d0-5431232365df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


RE: [graylog2] Re: grok pattern not working

2015-10-21 Thread Osztrovszky Zsolt
Yes.
Like this:
[Two inline screenshots were attached here: image001.png, image002.png]

Cheers,
Zsolt

From: graylog2@googlegroups.com [mailto:graylog2@googlegroups.com] On Behalf Of 
Jochen Schalanda
Sent: Tuesday, October 20, 2015 4:03 PM
To: Graylog Users 
Subject: [graylog2] Re: grok pattern not working

Hi Zsolt,

did you add the required Grok patterns to your Graylog system?


Cheers,
Jochen

On Tuesday, 20 October 2015 12:56:17 UTC+2, Zsolt Osztrovszky wrote:
Hello Guys!
I'd like to set up an extractor with Grok pattern.
This is my sample message and pattern:
10.10.1.1 - - [13/Oct/2015:17:19:54 +0200] "GET //ed98/561/this.m3u8 
HTTP/1.1" 200 388 "http://10.1.1.1/hls.php?o=&p=2kV&t=BASE64"; "Mozilla/5.0 
(Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) 
Version/9.0 Safari/601.1.56" 3878 6090 ed98b

pattern:
%{IP:remote_addr}

If I push try, it says: Attention We were not able to run the grok extraction. 
Please check your parameters.

What am I doing wrong?
Thanks.
Cheers,
Zsolt


[graylog2] Re: grok pattern not working

2015-10-20 Thread Jochen Schalanda
Hi Zsolt,

did you add the required Grok patterns to your Graylog system?


Cheers,
Jochen

On Tuesday, 20 October 2015 12:56:17 UTC+2, Zsolt Osztrovszky wrote:
>
> Hello Guys!
> I'd like to set up an extractor with Grok pattern.
> This is my sample message and pattern:
> 10.10.1.1 - - [13/Oct/2015:17:19:54 +0200] "GET //ed98/561/this.m3u8 
> HTTP/1.1" 200 388 "http://10.1.1.1/hls.php?o=&p=2kV&t=BASE64"; 
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, 
> like Gecko) Version/9.0 Safari/601.1.56" 3878 6090 ed98b
>
> pattern:
> %{IP:remote_addr}
>
> If I push try, it says: Attention We were not able to run the grok 
> extraction. Please check your parameters.
>
> What am I doing wrong?
> Thanks.
> Cheers,
> Zsolt
>
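
Added example, not part of the thread and not Graylog code: a small Python check for the two things Jochen asks about in both threads on this page, namely whether every referenced grok pattern is installed and whether each reference is well-formed. The `INSTALLED` library, the IPv4 definition and all function names are assumptions constructed for illustration; the pattern and log line are copied from the posts above.

```python
import re

REF = re.compile(r"%\{([A-Z0-9_]+)(?::([^}]+))?\}")   # %{NAME} or %{NAME:field}
STRAY = re.compile(r"%\{?[A-Z0-9_]+")                 # leftover reference-like text

# Constructed, simplified stand-ins for installed patterns (not Graylog's own definitions).
INSTALLED = {
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "TIME": r"%{HOUR}:%{MINUTE}:%{SECOND}",
    "MONTH": r"[A-Z][a-z]{2}", "MONTHDAY": r"\d{1,2}",
    "HOUR": r"\d{2}", "MINUTE": r"\d{2}", "SECOND": r"\d{2}",
}
# First line of the pattern from the December thread, copied as posted.
PATTERN_DEC = ("(?:%{SYSLOGTIMESTAMP:timestamp}|%TIMESTAMP_ISO8601:timestamp8601})"
               "(?:%{SYSLOGHOST:logsource})")
# Start of the sample message from the October thread.
LINE_OCT = '10.10.1.1 - - [13/Oct/2015:17:19:54 +0200] "GET //ed98/561/this.m3u8 HTTP/1.1" 200 388'

def audit(pattern, library):
    """Return (missing pattern names, malformed references) for a grok pattern."""
    missing, seen, todo = set(), set(), [pattern]
    while todo:
        for name, _field in REF.findall(todo.pop()):
            if name in seen:
                continue
            seen.add(name)
            if name in library:
                todo.append(library[name])    # follow nested references
            else:
                missing.add(name)
    # Anything still starting with '%' after removing valid references is suspect.
    return sorted(missing), STRAY.findall(REF.sub("", pattern))

def expand(pattern, library):
    """Expand grok references into a Python regex; named fields become named groups."""
    def repl(match):
        name, field = match.groups()
        if name not in library:
            raise KeyError(f"grok pattern {name} is not installed")
        body = expand(library[name], library)
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return REF.sub(repl, pattern)

def extract(pattern, library, line):
    """Run the expanded pattern against one log line and return the captured fields."""
    found = re.search(expand(pattern, library), line)
    return found.groupdict() if found else None

if __name__ == "__main__":
    print(audit(PATTERN_DEC, INSTALLED))
    print(audit("%{IP:remote_addr}", INSTALLED))
    with_ip = {**INSTALLED, "IP": r"\d{1,3}(?:\.\d{1,3}){3}"}   # constructed IPv4-only definition
    print(extract("%{IP:remote_addr}", with_ip, LINE_OCT))
```

Against this constructed library, the December pattern reports `SYSLOGHOST` as not installed and `%TIMESTAMP_ISO8601` as a malformed reference, and `%{IP:remote_addr}` only extracts a field once an `IP` definition is present.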
