Closed thepcn3rd closed 8 years ago
edmundoa
commented
8 years ago Hi,
Would you be so kind as to include some information so we can help you? We need to know which Graylog version you are using, the Grok pattern file you are using (if possible), the browser and OS you use to navigate through the web interface, and any errors in your Graylog server logs or browser's javascript console.
Thank you!
thepcn3rd
commented
8 years ago I am using the new Graylogv2.0 server. I was trying to import the following grok patterns:
CB_REASON [a-z.]+
CB_TYPE [a-z]+
CB_PROCESS_GUID [a-f0-9\-]+
CB_SEGMENT_ID [0-9]+
CB_HOST [A-Za-z0-9\-.]+
CB_COMMS_IP (?:[0-9.]+|)
CB_INTERFACE_IP (?:[0-9.]+|)
CB_SENSOR_ID [0-9]+
CB_WATCHLIST_ID [0-9]+
CB_WATCHLIST_NAME [A-Za-z0-9"\ !@$%^&*()\-_+={}\[\]:;<>,.]+
CB_TIMESTAMP [0-9.]+
CB_START_TIME [0-9TZ\-:.]+
CB_GROUP [A-Za-z0-9 ]+
CB_PROCESS_MD5 [0-9a-f]{32}
CB_PROCESS_NAME [A-Za-z0-9"\ !@$%^&*()\-_+={}\[\]:;<>,.]+
CB_PROCESS_PATH [A-Za-z0-9"\ !@$%^&*()-_+={}\[\]:;<>,.]+
CB_LAST_UPDATE [0-9TZ\-:.]+Using the latest version of Chrome. on Windows 10.
joschi
commented
8 years ago @thepcn3rd Please check the logs of your Graylog server node. It should contain an error message like the following (hinting to an invalid Grok pattern):
WARN : org.graylog2.grok.GrokPatternServiceImpl - Invalid regular expression syntax for 'CB_WATCHLIST_NAME' with pattern [A-Za-z0-9"\
java.util.regex.PatternSyntaxException: Unclosed character class near index 13
([A-Za-z0-9"\)We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our public mailing list or join the #graylog channel on freenode IRC.
Thank you!
I am unable to import a Grok Pattern File. It states that it is unable to PUT to http://:12900/system/grok.
I am able to add the patterns one-at-a-time but this would be nice if it was fixed.
Thank you,