What are the default grok patterns for the syslog input filter?
The data is from old snare, failing messages are formatted something like this:
<135> 07/18/2022:18:14:52 GMT HOSTNAME syslog_message.
Thanks
The default value depends on ecs_compatibility. It is set here. The SYSLOGLINE pattern is defined either here or here. I very much doubt it will match that date format with a timezone. You will need to write your own pattern.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.