Why not recognize simple syslog text as SYSLOGLINE in Grok Debugger?

Hello!

Source log:
Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]

Grok pattern - SYSLOGLINE

Output - No Matches

Screenshot:

I cannot speak to herokuapp.com, but it works in logstash

input { generator { count => 1 lines => [ 'Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]' ] } }
filter { grok { match => { "message" => "%{SYSLOGLINE}" } } }

produces

 "timestamp" => "Mar 16 00:01:25",
   "message" => [
    [0] "Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]",
    [1] "connect from camomile.cloud9.net[168.100.1.3]"
],
 "logsource" => "evita",
   "program" => "postfix/smtpd",
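The reason `SYSLOGLINE` alone gives "No Matches" while `%{SYSLOGLINE}` works is that grok only expands names written inside `%{...}`; a bare `SYSLOGLINE` is just a literal string that the log line does not contain. The following added example (written for this thread, not code from Logstash or the Grok Debugger) shows the expansion step in miniature: a condensed subset of the stock grok pattern definitions, a recursive expander that turns `%{NAME:field}` into a named regex group, and both lookups run against the line from the question. The pattern table is a deliberately simplified subset (no ISO 8601 timestamp alternative, no facility, a shorter HOSTNAME) and is labelled as such in the code.

```python
import re
from typing import Optional, Dict

# Condensed subset of the stock grok pattern library, constructed for this
# example. The real definitions are longer (SYSLOGBASE2 also accepts an
# ISO 8601 timestamp and an optional facility); the structure is the same.
GROK_PATTERNS = {
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "HOUR": r"(?:2[0-3]|[01]?[0-9])",
    "MINUTE": r"(?:[0-5][0-9])",
    "SECOND": r"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)",
    "TIME": r"%{HOUR}:%{MINUTE}(?::%{SECOND})?",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})"
                r"(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*\b",
    "SYSLOGHOST": r"%{HOSTNAME}",
    # Printable ASCII except '[' and ']', so the program name stops at the pid.
    "PROG": r"[\x21-\x5a\x5c\x5e-\x7e]+",
    "POSINT": r"\b(?:[1-9][0-9]*)\b",
    "SYSLOGPROG": r"%{PROG:program}(?:\[%{POSINT:pid}\])?",
    "GREEDYDATA": r".*",
    "SYSLOGBASE2": r"%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:logsource}"
                   r"(?: %{SYSLOGPROG}:|)",
    "SYSLOGLINE": r"%{SYSLOGBASE2} %{GREEDYDATA:message}",
}

# A grok reference looks like %{NAME} or %{NAME:field}.
_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def expand(pattern: str) -> str:
    """Recursively replace every %{NAME[:field]} reference with its regex.

    Text outside %{...} is left untouched, which is exactly why the bare
    string 'SYSLOGLINE' expands to the literal regex 'SYSLOGLINE'.
    """
    def repl(m: "re.Match[str]") -> str:
        name, field = m.group(1), m.group(2)
        body = expand(GROK_PATTERNS[name])
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return _REF.sub(repl, pattern)


def grok(pattern: str, line: str) -> Optional[Dict[str, Optional[str]]]:
    """Apply a grok pattern to one line; None means 'No Matches'.

    Grok matches are unanchored, so re.search is used rather than re.match.
    Fields whose optional group did not participate come back as None.
    """
    m = re.search(expand(pattern), line)
    return m.groupdict() if m else None


# The log line from the question.
SAMPLE = ("Mar 16 00:01:25 evita postfix/smtpd[1713]: "
          "connect from camomile.cloud9.net[168.100.1.3]")

if __name__ == "__main__":
    print("bare name :", grok("SYSLOGLINE", SAMPLE))       # None
    print("reference :", grok("%{SYSLOGLINE}", SAMPLE))    # parsed fields
```

Running it prints `None` for the bare name and a dictionary with `timestamp`, `logsource`, `program`, `pid` and `message` for the `%{SYSLOGLINE}` reference, the same fields the Logstash output above shows. The `pid` field comes from the `%{POSINT:pid}` group inside SYSLOGPROG; it is `None` for lines whose program has no `[pid]` suffix.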

Yes... I forgot. Right, %{SYSLOGLINE}.
Thanks!
