Gork patterns with | does not work

Hi,
I am using gork to extract the fields of this kind of syslog messages:

Test-Cluster/IM-6/IM-HQ-01/box_Firewall_Activity: Info IM-HQ-01 Remove: type=FWD|proto=TCP|srcIF=port7.122|srcIP=10.244.122.23|srcPort=62946|srcMAC=00:50:56:8d:71:7e|dstIP=10.244.120.100|dstPort=445|dstService=microsoft-ds|dstIF=port7.120|rule=WN-Lan-server|info=TF-Sync|srcNAT=10.244.122.23|dstNAT=10.244.120.100|duration=15|count=1|receivedBytes=0|sentBytes=0|receivedPackets=0|sentPackets=0|user=|protocol=|application=|target=|content=|urlcat=

My Gork code looks like this:
srcIP=%{IP:srcip}|scrPort=%{NUMBER:srcport}|dstIP=%{IP:dstip}|dstPort=%{NUMBER:dstport}

But this does not work. it seems that the | in the message makes problems.
It only can find the first field but not the other fields.
Can anyone please help me how I can create a working gork pattern for this?
Just a short example would be enough.

Hello,

indicating a | without escaping it in a grok pattern indicates that the grok will look for a logic OR. In your case, your pattern means that if the first field is not something like "srcIP=//some_IP_here" the grok will look for a field like "srcPort=//some_port_here" instead (but still for the first field).

If you want your grok pattern to not have that behavior, intead of [quote="keamas, post:1, topic:54335"]
srcIP=%{IP:srcip}|scrPort=%{NUMBER:srcport}|dstIP=%{IP:dstip}|dstPort=%{NUMBER:dstport}
[/quote]

your grok pattern will look like this:
srcIP=%{IP:srcip}\|scrPort=%{NUMBER:srcport}\|dstIP=%{IP:dstip}\|dstPort=%{NUMBER:dstport}

This should work (except if there is a mismatch for field type or a malformation in some logs.

I hope this will help you