Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Graylog 3.0 grok extractors broken #5704
After upgrading to Graylog 3.0, I noticed that many of my grok extractors didn't load.
Graylog 3.0 unable to process the following grok pattern:
I was able to rewrite one of the grok patterns to get it to work
So I just upgraded from 2.5.x to 3.0, and I believe I'm having the same issue. I finally sorted out all the other warnings/errors on the graylog server.log file. I believe that I only have two remaining issues related to pfsense log extraction. I deleted the two extractors, both gave errors in the webUI and when accessing the UI produced the able error in the log. Unfortunately, the errors are still there even after a server restart. It looks like all my other data sources are fine, but my pfSense source isn't.
I'm not sure how to fix any of this, or if I can. I thought I had it figured out and that I'd be able to just remove those two extractors and then the data would then correctly be parsed again. That is apparently not the case though.
Is there anything I can do myself? Can someone point me in the right direction? I don't know how it can still be throwing the errors after I removed those two extractors.
If it helps, I used this guide to add the information to grafana: https://github.com/opc40772/pfsense-graylog
For help you are better of asking in the community forum: https://community.graylog.org/
But as I said in the community forum, since here is a place to discuss issues and how to fix them!
Thanks @kmerz. I just posted there, but I think I'm going to be screwed as I don't know what I need to fix and it looks like it's an upstream issue.