Graylog2-server: Allow converters on Grok extractors

Created on 13 Nov 2015  路  4Comments  路  Source: Graylog2/graylog2-server

It would be handy to allow converters on Grok patterns.

For example, with the following pattern:

POSTFIX_PIPE_DELIVERED %{POSTFIX_QUEUEID:postfix_queueid}: %{GREEDYDATA:postfix_keyvalue_data} \(delivered via %{WORD:postfix_pipe_service} service\)

The field postfix_keyvalue_data will always contain key=value data. To extract this I currently need to create a copy extractor with a key/value converter on the resulting postfix_keyvalue_data field, duplicating a lot of information

feature
Source
picture bpbp-boop

All 4 comments

Same for forcing the numeric type for use with statistics and charts.

drewmmiranda picture drewmmiranda on 28 Nov 2015
👍1

+1, especially for casting to scalar types such as numbers for metrics

manishjhawar picture manishjhawar on 23 Feb 2016
👍1

+1

jensschulze picture jensschulze on 8 Aug 2016

The grok patterns already support type hints, for example %{NUMBER:num:int} will convert the match named "num" into an integer.

Currently the following types are supported:

  • byte
  • boolean
  • short
  • int
  • long
  • float
  • double
  • date
  • datetime
  • string
joschi picture joschi on 8 Aug 2016
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

albix picture albix  路  3Comments
jalogisch picture jalogisch  路  4Comments
edmundoa picture edmundoa  路  3Comments
mikkolehtisalo picture mikkolehtisalo  路  4Comments
hc4 picture hc4  路  4Comments