Re: [graylog2] Regex statement for a raw log

2016-02-02 Thread Joi Owen
As far as I know, using the regular regexp rules in Graylog, there isn't a way to tell it to just split on white space, and there isn't a way to tell it to capture multiple values in one pattern. Not with the interfaces we have available, anyway. In Perl, I could do something like:

Re: [graylog2] Regex statement for a raw log

2016-02-02 Thread Mehmet Ali Büyükkarakaş
Hello again, I thought a little bit about your response. In my log example, my assumptions are below (don't get me wrong, I'm just trying to understand a regex coder's point of view): - The first string until the first space char is the "SourceServer". It can vary on hostname number of

Re: [graylog2] Regex statement for a raw log

2016-02-02 Thread Mehmet Ali Büyükkarakaş
My quick and short response after this: I'm planning to use NXlog at resource side, and IMO NXlog is capable of using regex. I saw many examples. NXlog will send the structured log in GELF format to Graylog and Graylog can parse it. Regards. On Tue, Feb 2, 2016 at 5:32 PM, Joi Owen

Re: [graylog2] Regex statement for a raw log

2016-02-01 Thread Joi Owen
You're welcome. I did just spot an error I made in the examples... the time pattern has a decimal point in it, and that will need to be escaped in all of the patterns that contain that field. threadid: ^.+\s\d\d:\d\d:\d\d.\d+\s\d+s(\d+)\s+\d+\s+ should be threadid:

Re: [graylog2] Regex statement for a raw log

2016-02-01 Thread Mehmet Ali Büyükkarakaş
Joi thank you so much. :)

On Mon, Feb 1, 2016 at 10:18 PM, Joi Owen wrote:
> This is the sort of thing that can take some trial and error to get
> perfect, and I doubt anyone on this list has messages of exactly this
> format hitting their own servers, so it will be hard for

Re: [graylog2] Regex statement for a raw log

2016-02-01 Thread Joi Owen
This is the sort of thing that can take some trial and error to get perfect, and I doubt anyone on this list has messages of exactly this format hitting their own servers, so it will be hard for us to give you proven tested-and-good answers; we can only point you in the right direction. You need