When it comes to parsing complex (read: crappy) log formats, Jordan Sissel hit a home run with the concepts and ideas behind Grok.
I have tried plain regexes and Drools, but neither can match the ease, speed, and maintainability of grok patterns.
As a bonus it would enable a lot of transparency between Logstash and Graylog2.
Parsing crappy syslog like this:
took 2 minutes using something like this:
…e result fields, even if they happen to produce just one #377
those aren't supported right now so we turn them off Graylog2/graylog2-server#377
…do anything with them * not showing is enough because the rest api won't give out any information and the page would be empty anyway, so it's not necessary to make the controller inaccessible Graylog2/graylog2-server#377