This is gold, thank you.
Very nice tutorial and explanation. Really helps to understand how Graylog works.
This was a big help in understanding extractors, thank you!
Fantastic tutorial. Very much appreciate this.
In the video you mentioned that you would place the code for the tcp-data, udp-data, echo-data and icmp-type so that we could import them directly. Where can I find these?
Once again, thank you very much for your time!
I tried to put them in the video description but failed due to the size limitation. You can check the existing free extractors in the marketplace and make your own modifications if needed.
For me, after the creation of the first extractor, it's not parsing the message when I want to create the second one. Any idea why? Thanks
The new field of your first extractor should be the input (source) of your second extractor. In your case "it's not parsing" means either the condition of your second extractor cannot be met, or the logic of your second extractor has a problem so it does not produce the result you want.