Grok Extractor, Converter Support

[Tinche]

Hi,

when parsing metrics out of our logs, using a Grok extractor is really convenient. However, there's currently no way to apply converters to extracted fields?

It'd be very useful to, for example, be able to attach converters to either fields in the extractor or individual Grok patterns (even better!).

[Tinche]

Interestingly, I see java-grok recently got converter support: https://github.com/thekrakken/java-grok/commit/e6cbed4b0c75b90a18e4d4a6f287f651bf0b7817

Maybe helpful? Looks unreleased.

[kroepke]

We'll integrate support as soon as we can get a released version of java-grok. Thanks for pointing this out!

[Tinche]

Super!

On Mon, May 11, 2015 at 5:16 PM, Kay Roepke notifications@github.com wrote:

Closed #1064 https://github.com/Graylog2/graylog2-server/issues/1064 via bff3955 https://github.com/Graylog2/graylog2-server/commit/bff3955273564d97e5f9e2eb7bdbc55fb1441311 .

— Reply to this email directly or view it on GitHub https://github.com/Graylog2/graylog2-server/issues/1064#event-301855600.

[madchap]

Hi,

I've just updated to 1.1.5 from 1.1.4 (docker allinone), but I still do not see a converter field on the grok extractor page for an existing or new grok extractor. Is that normal?

Thanks, fred

[kroepke]

Not sure what you are looking for, but converters work differently for grok patterns. Please have a look at our docs: http://docs.graylog.org/en/1.1/pages/extractors.html#using-grok-patterns-to-extract-data

Best, Kay On Jul 28, 2015 5:31 PM, "Fred Blaise" notifications@github.com wrote:

Hi,

I've just updated to 1.1.5 from 1.1.4 (docker allinone), but I still do not see a converter field on the grok extractor page for an existing or new grok extractor. Is that normal?

Thanks, fred

— Reply to this email directly or view it on GitHub https://github.com/Graylog2/graylog2-server/issues/1064#issuecomment-125655038 .

[madchap]

Thanks, got it! I was expecting a field similar to the one present in regex, my bad.