Hi support team
I have raw logs below:
GlobalProtect gateway user authentication succeeded. Login from: 14.15.10.62, Source region: VN, Login from: 14.187.170.62, User name: dungh, Auth type: profile, Client OS version: Android 7.0.
GlobalProtect gateway client configuration generated. User name: dungh, Private IP: 172.16.253.251, Client version: 4.1.6-2, Device name: SM-G950F-ce031713cd4518710d, Client OS version: Android 7.0, VPN type: Device Level VPN.
And grok code:
%{GREEDYDATA:message_vpn}. ((Login from: )%{IP:IP_from})?(,\s)?((Source·region: )(?<Source_region>[a-zA-Z]+))?(,\s)?%{GREEDYDATA:tail}
My issue is ouput log incorrect and it isn't get "Source region". Help me!
I attacked image of output grok.
Thanks,