As far as I know, using the regular regexp rules in Graylog, there isn't a
way to tell it to just split on white space, and there isn't a way to tell
it to capture multiple values in one pattern. Not with the interfaces we
have available, anyway.
In Perl, I could do something like:

Hello again,
I thought a little bit about your response.
In my log example, my assumptions are below. (Don't get me wrong, I'm just
trying to understand a regex coder's point of view.)
- The first string until the first space char is the "SourceServer". It can
vary on hostname number of
My quick and short response after this: I'm planning to use NXLog at the
resource side, and IMO NXLog is capable of using regex. I saw many examples.
NXLog will send the structured log in GELF format to Graylog, and Graylog
can parse it.
Regards.
On Tue, Feb 2, 2016 at 5:32 PM, Joi Owen
You're welcome. I did just spot an error I made in the examples... the
time pattern has a decimal point in it, and that will need to be escaped in
all of the patterns that contain that field.
threadid: ^.+\s\d\d:\d\d:\d\d.\d+\s\d+s(\d+)\s+\d+\s+
should be
threadid:
Joi, thank you so much. :)
On Mon, Feb 1, 2016 at 10:18 PM, Joi Owen wrote:
> This is the sort of thing that can take some trial and error to get
> perfect, and I doubt anyone on this list has messages of exactly this
> format hitting their own servers, so it will be hard for
This is the sort of thing that can take some trial and error to get
perfect, and I doubt anyone on this list has messages of exactly this
format hitting their own servers, so it will be hard for us to give you
proven tested-and-good answers, we can only point you in the right
direction.
You need