Grok Extractor Help

Micah_Bailey · November 9, 2020, 5:05pm

I am new to Grok Extractors and I am trying to extract some fields from Logstash.

Example Message:
Nov 9 08:53:00 192.168.131.6 rsgpchkd[867]: Portforwarding for rsgcadc123215 on /dev/pts/0, destination 10.208.203.30:22

I am attempting to pull out anything after the : and tie the destination IP to it. In this case it would be Portforwarding 10.208.203.30:22

I have looked at several things, but have to figured out how to accomplish this.

warkolm · November 10, 2020, 2:20am

Welcome to our community!

Can you share what you have tried so far?

system · December 8, 2020, 2:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.