Grok an IP address and username

Hi, I have the following text below that I'm trying to parse just the IP and username. I've tried adding all the text prior to the IP but still nothing. Even if I just put into the Grok Debugger and %{IP} as the filter, I get nothing so I think there's something very basic I'm missing and could use some help.

Gateway user authentication succeeded. Login from:, Source region: US, User name: admin, Auth type: profile, Client OS version: Microsoft Windows 10 Enterprise , 64-bit.



    grok {
        match => {
            "message" => [
                "User name: %{WORD:user},"
        break_on_match => false

Badger to the rescue again! Thanks again!

Sorry for another question but why doesn't this work in the grok debugger site ( I thought that was were to go to test your patterns.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.