ExtractGrok processor - Writing Regex to parse Cisco syslog
Labels: Apache NiFi
Created 03-02-2018 10:18 PM
I am running NiFi on Docker. NiFi ParseSyslog fails for Cisco syslog, so I am trying to write custom regex parsing using the ExtractGrok processor.
What is the Grok pattern file to be provided? I provided a Grok expression, but it still looks for a Grok pattern file.
Any pointers on this will help. Thanks!
Created 03-03-2018 10:16 AM
Hi Jay,
You need to provide a file such as
You could also use the ConvertRecord processor with a GrokReader. In this case there is already a default pattern file pre-loaded with the reader.
Hope this helps,
Pierre
Created 03-05-2018 04:24 PM
@Pierre Villard - Thanks for the reply. I looked at this pattern file, but I am not sure how to link this file to the Grok pattern file on NiFi.
I am running it on Docker Compose, so how do I store this pattern file and what path do I provide in NiFi?
Created 03-06-2018 06:14 PM
I got the pattern file created and used in NiFi.
I am using this in the Grok expression:
<(?<priority>[0-9]+)>(?<sequence>[0-9]+): *(\*)?%{CISCOTIMESTAMP}: (?<host>[a-zA-Z0-9_]+): %(?<facility>[A-Z0-9_]+)-(?<severity>[0-7]+)-(?<mnemonic>[A-Z0-9_]+): (?<message>.+)
grok pattern file - https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-proce...
This expression works fine on the Grok debugger site - http://grokdebug.herokuapp.com/. But not on NiFi. What am I doing wrong?
Sample Cisco router log data I am using:
<189>22: *Apr 29 13:58:40.411: user: %SYS-5-CONFIG_I: Configured from console by console
Created 03-06-2018 07:19 PM
I got it working. I had to add the custom naming fields used in the Grok expression into the pattern file.
Created 02-17-2020 03:18 AM
Hi, can you explain how you solved this problem?
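
An added example, not part of the thread and not NiFi's implementation: a minimal grok-style expander in Python that resolves %{NAME} references from a pattern file and applies the posted expression to the posted sample line. The pattern definitions are simplified, constructed stand-ins for the stock ones, and load_patterns, expand and parse are hypothetical helper names.

```python
import re

# Constructed pattern file: simplified stand-ins for the stock grok definitions.
PATTERN_FILE = r"""
MONTH (?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)
MONTHDAY (?:[12][0-9]|3[01]|0?[1-9])
YEAR [0-9]{4}
TIME [0-9]{2}:[0-9]{2}:[0-9]{2}(?:\.[0-9]+)?
CISCOTIMESTAMP %{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}
"""
# Grok expression and sample line as posted in the thread.
EXPRESSION = r"<(?<priority>[0-9]+)>(?<sequence>[0-9]+): *(\*)?%{CISCOTIMESTAMP}: (?<host>[a-zA-Z0-9_]+): %(?<facility>[A-Z0-9_]+)-(?<severity>[0-7]+)-(?<mnemonic>[A-Z0-9_]+): (?<message>.+)"
SAMPLE = "<189>22: *Apr 29 13:58:40.411: user: %SYS-5-CONFIG_I: Configured from console by console"
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{NAME} or %{NAME:field}

def load_patterns(text):
    """Parse 'NAME regex' lines, skipping blank lines and # comments."""
    patterns = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, body = line.partition(" ")
            patterns[name] = body.strip()
    return patterns

def expand(expr, patterns, depth=0):
    """Recursively substitute pattern references; an undefined name raises KeyError."""
    if depth > 20:
        raise ValueError("pattern references nest too deeply (cycle?)")
    def sub(m):
        name, field = m.group(1), m.group(2)
        if name not in patterns:
            raise KeyError(f"pattern {name!r} is not defined in the pattern file")
        inner = expand(patterns[name], patterns, depth + 1)
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return REF.sub(sub, expr)

def parse(line, expr=EXPRESSION, pattern_text=PATTERN_FILE):
    """Return the captured fields, or None if the line does not match."""
    regex = expand(expr, load_patterns(pattern_text))
    regex = re.sub(r"\(\?<([A-Za-z_]\w*)>", r"(?P<\1>", regex)  # grok -> Python group syntax
    m = re.fullmatch(regex, line)
    if m is None:
        return None
    fields = m.groupdict()
    # Syslog PRI = facility * 8 + severity (assumes the expression captures 'priority')
    fields["syslog_facility"], fields["syslog_severity"] = divmod(int(fields["priority"]), 8)
    return fields
```

Writing the reference as %{CISCOTIMESTAMP:timestamp} makes the expander capture the timestamp as a named field as well; as posted, the expression matches it without capturing it.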
