Extractors giving errors on processing

[kpax-io]

I'm not very familiar with Graylog, but I have imported your extractors but one of them provides this message;

2020-04-22T13:07:16.394-04:00 ERROR [ExtractorFilter] Could not apply extractor "VMware SSH Logins Authentication Failure" (id=0e204ba9-8402-11ea-921b-005056ab1066) to message b7b318a0-84bb-11ea-bca4-005056ab1066
java.lang.RuntimeException: java.lang.IllegalArgumentException: No definition for key 'username' found, aborting

2020-04-22T13:07:16.396-04:00 ERROR [GrokPatternRegistry] Unable to load grok pattern authentication failure; logname= uid=%{BASE10NUM:vmware_uid_number} euid=%{BASE10NUM:vmware_euid_number} tty=ssh ruser= rhost=%{IPV4:ip_address}  user=%{username} into cache
java.lang.IllegalArgumentException: No definition for key 'username' found, aborting

Is this looking for a username with access to the ESX hosts or is it something else entirely?

This is occurring in Graylog 3.2.4+a407287 on Ubuntu 18.0.4.

[J-Camping]

It looks like your graylog doesn't have the username Grok pattern.
My installation has that defined as: [a-zA-Z0-9._-]+

Grok pattern information here: https://docs.graylog.org/en/3.2/pages/extractors.html#using-grok-patterns-to-extract-data

[dcecchino]

In the VMware SSH Logins Authentication Failure , update the extraction to,

authentication failure; logname= uid=%{BASE10NUM:vmware_uid_number} euid=%{BASE10NUM:vmware_euid_number} tty=ssh ruser= rhost=%{IPV4:ip_address} user=%{USERNAME}