{ "v": 1, "id": "349bde6e-bc66-427a-8cec-67c717f0c8a0", "rev": 1, "name": "Liwo", "summary": "Liwo", "description": "", "vendor": "Liwo", "url": "", "parameters": [], "entities": [ { "v": "1", "type": { "name": "sidecar_collector", "version": "1" }, "id": "66ff4ca8-cd50-460e-91dc-9123f678dd43", "data": { "name": { "@type": "string", "@value": "filebeat" }, "service_type": { "@type": "string", "@value": "exec" }, "node_operating_system": { "@type": "string", "@value": "linux" }, "executable_path": { "@type": "string", "@value": "/usr/share/filebeat/bin/filebeat" }, "execute_parameters": { "@type": "string", "@value": "-c %s" }, "validation_parameters": { "@type": "string", "@value": "test config -c %s" }, "default_template": { "@type": "string", "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\nfilebeat.inputs:\n- input_type: log\n paths:\n - /var/log/*.log\n type: log\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: /var/lib/graylog-sidecar/collectors/filebeat/data\n logs: /var/lib/graylog-sidecar/collectors/filebeat/log" } }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "92f767af-fb4f-40cb-90ba-c2f05d8a74ee", "data": { "name": "SYSLOGTIMESTAMP", "pattern": "%{MONTH} +%{MONTHDAY} %{TIME}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "14132da6-1cc2-4ffe-a735-e5c0a174f11e", "data": { "summary": { "@type": "string", "@value": "This is a list of all sources that sent in messages to Graylog." 
}, "search": { "queries": [ { "id": "a1647eb6-a064-4fe6-b459-1e4267d3f659", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": null, "name": "chart", "timerange": { "type": "relative", "range": 300 }, "streams": [], "series": [ { "type": "count", "id": "Message count", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "481de18f-938e-40d5-8ab2-6eaf6a28f091", "column_groups": [], "sort": [] }, { "query": null, "name": "chart", "timerange": { "type": "relative", "range": 300 }, "streams": [], "series": [ { "type": "count", "id": "Message count", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 10 } ], "type": "pivot", "id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c", "column_groups": [], "sort": [ { "type": "series", "field": "count()", "direction": "Descending" } ] }, { "query": null, "name": "chart", "timerange": { "type": "relative", "range": 300 }, "streams": [], "series": [ { "type": "count", "id": "Message count", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 15 } ], "type": "pivot", "id": "011b2894-49e5-44d8-aab6-8c4d4457a886", "column_groups": [], "sort": [ { "type": "series", "field": "count()", "direction": "Descending" } ] } ] } ], "parameters": [], "requires": {}, "owner": "admin", "created_at": "2019-11-22T10:58:47.255Z" }, "created_at": "2019-11-22T10:54:50.950Z", "requires": {}, "state": { "a1647eb6-a064-4fe6-b459-1e4267d3f659": { "selected_fields": null, "static_message_list_id": null, "titles": { "tab": { "title": "Sources Overview" }, "widget": { "6c127c5d-be75-4157-b43f-ac0194ac0586": "Selected sources", "92d63811-e4dd-47db-bd3b-db03c8a9bd53": "Messages per Source", "00637e63-d728-4b3e-932b-7c8696b4855d": 
"Messages over time" } }, "widgets": [ { "id": "92d63811-e4dd-47db-bd3b-db03c8a9bd53", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 300 }, "query": null, "streams": [], "config": { "visualization": "pie", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 10 } } ], "series": [ { "config": { "name": "Message count" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "count()", "direction": "Descending" } ] } }, { "id": "00637e63-d728-4b3e-932b-7c8696b4855d", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 300 }, "query": null, "streams": [], "config": { "visualization": "line", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": null } } } ], "series": [ { "config": { "name": "Message count" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "6c127c5d-be75-4157-b43f-ac0194ac0586", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 300 }, "query": null, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 15 } } ], "series": [ { "config": { "name": "Message count" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "count()", "direction": "Descending" } ] } } ], "widget_mapping": { "6c127c5d-be75-4157-b43f-ac0194ac0586": [ "011b2894-49e5-44d8-aab6-8c4d4457a886" ], "92d63811-e4dd-47db-bd3b-db03c8a9bd53": [ "a964f1c5-e108-4b5e-a907-ffe0b0f0683c" ], "00637e63-d728-4b3e-932b-7c8696b4855d": [ 
"481de18f-938e-40d5-8ab2-6eaf6a28f091" ] }, "positions": { "6c127c5d-be75-4157-b43f-ac0194ac0586": { "col": 1, "row": 5, "height": 4, "width": 6 }, "92d63811-e4dd-47db-bd3b-db03c8a9bd53": { "col": 7, "row": 5, "height": 4, "width": 6 }, "00637e63-d728-4b3e-932b-7c8696b4855d": { "col": 1, "row": 1, "height": 4, "width": "Infinity" } }, "formatting": { "highlighting": [] }, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "admin", "title": { "@type": "string", "@value": "Sources" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "This is a list of all sources that sent in messages to Graylog. You can narrow the timerange by zooming in on the message histogram, or you can increase the time range by specifying a broader one in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add additional widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs." } }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "00bace8f-a5e8-42e1-88a3-afc34c5887a6", "data": { "name": "IPORHOST", "pattern": "(?:%{IP}|%{HOSTNAME})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "03c56f23-5a73-4fc9-818c-dc4d6c5422e2", "data": { "name": "QUOTEDSTRING", "pattern": "(?>(?\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "sidecar_collector", "version": "1" }, "id": "954fdaf3-c6ef-4012-b730-a0fa89645b40", "data": { "name": { "@type": "string", "@value": "nxlog" }, "service_type": { "@type": "string", "@value": "svc" }, "node_operating_system": { "@type": "string", "@value": "windows" }, "executable_path": { 
"@type": "string", "@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe" }, "execute_parameters": { "@type": "string", "@value": "-c \"%s\"" }, "validation_parameters": { "@type": "string", "@value": "-v -f -c \"%s\"" }, "default_template": { "@type": "string", "@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile %ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n\n Module xm_fileop\n \n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n \n\n\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #\n # \n # \n # \n # \n # \n #\n\n\n\n\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path eventlog => gelf\n\n\n Path file => gelf\n\n\n" } }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "2e477fbe-615c-4cf9-a48e-48ace38d1591", "data": { "name": "DAY", "pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "53f544b2-0323-4d77-8df0-29461b916318", "data": { "name": "DATESTAMP_OTHER", "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}" }, "constraints": [ { "type": 
"server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "8caea7c6-e2ea-461b-81d4-04c2e17fb490", "data": { "name": "CISCOMAC", "pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "b15ec78c-5fed-497b-8bac-b85d74c6052b", "data": { "name": "SECOND", "pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "5929b910-f97b-4131-92e9-c4a2031518fc", "data": { "name": "BASE16NUM", "pattern": "(?=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "c989eb86-1aba-4d2a-9639-85a117472496", "data": { "name": "DATE", "pattern": "%{DATE_US}|%{DATE_EU}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "bab21710-64f1-4c56-b4b6-7bb9c876e924", "data": { "name": "URIPATHPARAM", "pattern": "%{URIPATH}(?:%{URIPARAM})?" 
}, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "35a6765b-4635-4b2e-b7a9-02e829316d8d", "data": { "name": "LOGLEVEL", "pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "c03e91d3-a36a-4e2a-9c05-b4cabd93f39e", "data": { "name": "INT", "pattern": "(?:[+-]?(?:[0-9]+))" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "4f2a8bb0-da94-4d11-a9d2-c3807b8f7445", "data": { "name": "COMMONMAC", "pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "55b315e3-d7e6-41f2-a6ba-090b67b1ae5a", "data": { "name": "PATH", "pattern": "(?:%{UNIXPATH}|%{WINPATH})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "input", "version": "1" }, "id": "95a5657f-0ed4-419c-b4cf-8c4357683d69", "data": { "title": { "@type": "string", "@value": "MySQL" }, "configuration": { "tls_key_file": { "@type": "string", "@value": "" }, "port": { "@type": "integer", "@value": 5044 }, "tls_enable": { "@type": "boolean", "@value": false }, "recv_buffer_size": { "@type": "integer", "@value": 1048576 }, "tcp_keepalive": { "@type": "boolean", "@value": false }, "tls_client_auth_cert_file": { "@type": "string", "@value": "" }, "bind_address": { "@type": "string", "@value": "0.0.0.0" }, "no_beats_prefix": { "@type": "boolean", "@value": false }, 
"tls_cert_file": { "@type": "string", "@value": "" }, "tls_client_auth": { "@type": "string", "@value": "disabled" }, "number_worker_threads": { "@type": "integer", "@value": 4 }, "tls_key_password": { "@type": "string", "@value": "" } }, "static_fields": {}, "type": { "@type": "string", "@value": "org.graylog.plugins.beats.Beats2Input" }, "global": { "@type": "boolean", "@value": true }, "extractors": [] }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "089c28a7-a3e6-455e-9224-ec34212726d1", "data": { "name": "ISO8601_SECOND", "pattern": "(?:%{SECOND}|60)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "37b422ec-e226-4f3c-8461-929df9e3b570", "data": { "name": "GREEDYDATA", "pattern": ".*" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "b4d59466-6610-40f6-bc86-d0ad835e3e59", "data": { "name": "MONTHDAY", "pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "075b3e85-593e-471d-ab8c-82ac71542728", "data": { "name": "TIME", "pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "0f2c231d-6a0c-46bb-8ae8-a7c53bca776e", "data": { "name": "TZ", "pattern": "(?:[PMCE][SD]T|UTC)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "d18cdb90-fe4c-4b26-904b-9ba148fccc37", "data": { "name": "HTTPDERROR_DATE", "pattern": "%{DAY} %{MONTH} %{MONTHDAY} 
%{TIME} %{YEAR}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "926552e4-c6e6-42d2-a2af-177a6e5ca3c3", "data": { "name": "NUMBER", "pattern": "(?:%{BASE10NUM})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "2a77197a-385e-41fe-a8b5-70c9c376466f", "data": { "name": "QS", "pattern": "%{QUOTEDSTRING}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "f9169aaa-825b-4e85-86f6-da5e057c388f", "data": { "name": "DATA", "pattern": ".*?" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "247a2f23-3bb6-4dc4-beb1-57234162f0e5", "data": { "name": "DATESTAMP", "pattern": "%{DATE}[- ]%{TIME}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "f821d762-92a8-4fc2-8d77-4b25a2a173d1", "data": { "name": "MONTHNUM", "pattern": "(?:0?[1-9]|1[0-2])" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "33b8be09-37f2-4d14-9edf-6881bf54743d", "data": { "name": "WORD", "pattern": "\\b\\w+\\b" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "89af4964-6026-44fb-81ea-d6a390ca8903", "data": { "name": "IP", "pattern": "(?:%{IPV6}|%{IPV4})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "492d4c0f-ee79-4129-bf4b-ab8d7a933a3b", "data": { "name": "WINPATH", "pattern": 
"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "input", "version": "1" }, "id": "2399a894-fd4a-4c3b-8e2f-30970a7aa8d3", "data": { "title": { "@type": "string", "@value": "Laravel" }, "configuration": { "recv_buffer_size": { "@type": "integer", "@value": 262144 }, "port": { "@type": "integer", "@value": 12201 }, "number_worker_threads": { "@type": "integer", "@value": 4 }, "bind_address": { "@type": "string", "@value": "0.0.0.0" }, "decompress_size_limit": { "@type": "integer", "@value": 8388608 } }, "static_fields": {}, "type": { "@type": "string", "@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput" }, "global": { "@type": "boolean", "@value": true }, "extractors": [] }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "ba6885ed-9583-4898-a4ff-ee231e5b3fba", "data": { "name": "IPV4", "pattern": "(?=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "4c016236-66b5-4633-b961-08e9f1d1a4ec", "data": { "name": "NOTSPACE", "pattern": "\\S+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "22f9f174-793a-45d7-9444-519d6a4b99c0", "data": { "name": "COMMONAPACHELOG", "pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "b2a8b7c7-bbb7-4904-b5cc-920c69019ad3", "data": { "name": "MAC", "pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})" }, "constraints": [ { "type": 
"server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "993b5faa-64bf-4e8a-8998-54a980ddb4a4", "data": { "name": "NONNEGINT", "pattern": "\\b(?:[0-9]+)\\b" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "7ec306ac-bfe2-4dd1-9e86-6876382216de", "data": { "name": "PROG", "pattern": "[\\x21-\\x5a\\x5c\\x5e-\\x7e]+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "ca3ccb18-4220-41c1-8d8a-82833a13bd4d", "data": { "name": "USER", "pattern": "%{USERNAME}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "sidecar_collector", "version": "1" }, "id": "abc9f978-f01e-470e-9687-3977ba243011", "data": { "name": { "@type": "string", "@value": "winlogbeat" }, "service_type": { "@type": "string", "@value": "svc" }, "node_operating_system": { "@type": "string", "@value": "windows" }, "executable_path": { "@type": "string", "@value": "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe" }, "execute_parameters": { "@type": "string", "@value": "-c \"%s\"" }, "validation_parameters": { "@type": "string", "@value": "test config -c \"%s\"" }, "default_template": { "@type": "string", "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nwinlogbeat:\n event_logs:\n - name: Application\n - name: System\n - name: Security" } }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": 
"1" }, "id": "00148b53-1876-414e-81e8-875ba243a028", "data": { "name": "HOSTNAME", "pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "4d5a33f8-83f7-4a4e-9be9-0bf62c2bc533", "data": { "name": "DATE_US", "pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "5cb8080d-ef7c-48f7-bc8b-e284a114a5ec", "data": { "name": "HOUR", "pattern": "(?:2[0123]|[01]?[0-9])" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "e54f322e-ac39-49bf-b7c5-b53c70a561a0", "data": { "name": "HTTPD24_ERRORLOG", "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? 
%{DATA:errorcode}: %{GREEDYDATA:message}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "73ed17b1-3992-4783-aee0-47f31e506a00", "data": { "name": "POSINT", "pattern": "\\b(?:[1-9][0-9]*)\\b" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "1ba2d36b-bbff-4337-9e13-acd9e1674285", "data": { "name": "URIPARAM", "pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "007a7e1b-b888-4d34-870c-66a3b7f91b97", "data": { "name": "EMAILLOCALPART", "pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "984cce84-823c-45c9-8d53-9bbd61ff4685", "data": { "name": "EMAILADDRESS", "pattern": "%{EMAILLOCALPART}@%{HOSTNAME}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "858f1b4a-4a7b-483b-bfa2-5e0bae6ec03a", "data": { "name": "TTY", "pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "67be690a-928f-48cc-93d1-c9e06b09582e", "data": { "name": "DATESTAMP_RFC822", "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "6faa1684-62f9-45a8-b5d1-ea4aa49d15d6", "data": { "name": "URIHOST", "pattern": "%{IPORHOST}(?::%{POSINT:port})?" 
}, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "1ccb050a-8430-48dc-8ec9-d2fc754c483b", "data": { "name": "HTTPDATE", "pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "35f9f5a9-6b44-4dc1-853c-f3ffa2504c03", "data": { "name": "SYSLOGPROG", "pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "22ccfac1-ba47-4c9c-9349-04f6fdca1748", "data": { "name": "WINDOWSMAC", "pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "fdb9dee3-a9bf-4132-aa21-7c8d987481b9", "data": { "name": "TIMESTAMP_ISO8601", "pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?" 
}, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "sidecar_collector", "version": "1" }, "id": "f30d09f1-90c2-4375-9ecb-89ce13e20915", "data": { "name": { "@type": "string", "@value": "filebeat" }, "service_type": { "@type": "string", "@value": "svc" }, "node_operating_system": { "@type": "string", "@value": "windows" }, "executable_path": { "@type": "string", "@value": "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe" }, "execute_parameters": { "@type": "string", "@value": "-c \"%s\"" }, "validation_parameters": { "@type": "string", "@value": "test config -c \"%s\"" }, "default_template": { "@type": "string", "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - C:\\logs\\log.log\n" } }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "320c2c19-1e1a-4c27-bc8b-547896b56e7e", "data": { "name": "BASE10NUM", "pattern": "(?[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "d008f6e1-1c14-447e-bacc-8e86accde5f7", "data": { "name": "HTTPD20_ERRORLOG", "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "dceff2d8-677f-406e-bf4f-1973aee060a5", "data": { "name": 
"COMBINEDAPACHELOG", "pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "ec726ca4-ac9d-4917-8c2a-da8e2499e85a", "data": { "name": "DATESTAMP_RFC2822", "pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "9bdc4061-bee8-4902-bde2-5eb17759c36c", "data": { "name": "ISO8601_TIMEZONE", "pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "0be7b9d1-f719-4ef7-a8aa-32906922122f", "data": { "name": "UNIXPATH", "pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "22dc7fae-412c-4026-adad-0b71bfa2cba5", "data": { "name": "UUID", "pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "14bb404e-afae-4119-9b18-96e0e1df3355", "data": { "name": "SPACE", "pattern": "\\s*" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "3d93cd19-e88b-4487-b542-e1bdf9075473", "data": { "name": "USERNAME", "pattern": "[a-zA-Z0-9._-]+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "53b67c38-ba8a-4844-8e16-ec73be53e53f", "data": { "name": "BASE16FLOAT", "pattern": "\\b(?=4.0.5+d95b909" } ] }, { "v": "1", 
"type": { "name": "grok_pattern", "version": "1" }, "id": "1c35883d-79f1-4ac5-bfbd-4de46b93b038", "data": { "name": "URI", "pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "037050ff-4fc7-4ab6-ae28-5992be37be17", "data": { "name": "URIPATH", "pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "da9d35c7-6045-4f24-9ed6-db09aac6499a", "data": { "name": "DATESTAMP_EVENTLOG", "pattern": "%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "438cd268-259b-48f1-b65d-62febe312acd", "data": { "name": "HTTPD_ERRORLOG", "pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "0de2450e-258b-48bc-8256-5d86fa63e96d", "data": { "name": "SYSLOGBASE", "pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "fe10b676-42be-422a-a7cf-6cd5d3710316", "data": { "name": "HTTPDUSER", "pattern": "%{EMAILADDRESS}|%{USER}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "8d4d1366-010f-47ff-b456-12acbf571fb0", "data": { "name": "MONTHNUM2", "pattern": "(?:0[1-9]|1[0-2])" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } 
] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "157039a0-0020-44d5-8560-409727f8843f", "data": { "name": "MONTH", "pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "b63bd64b-a2f6-427d-a375-ad69c6ab4f9f", "data": { "name": "YEAR", "pattern": "(?>\\d\\d){1,2}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "cf0c76bf-4af8-4df5-9d1f-180153aac612", "data": { "name": "IPV6", "pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"
}, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "ce76d569-9056-4612-b066-ae4a8cd5fe10", "data": { "name": "SYSLOGHOST", "pattern": "%{IPORHOST}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "sidecar_collector", "version": "1" }, "id": "30a4bf82-5c63-40ee-a947-19551aabdadd", "data": { "name": { "@type": "string", "@value": "nxlog" }, "service_type": { "@type": "string", "@value": "exec" }, "node_operating_system": { "@type": "string", "@value": "linux" }, "executable_path": { "@type": "string", "@value": "/usr/bin/nxlog" }, "execute_parameters": { "@type": "string", "@value": "-f -c %s" }, "validation_parameters": { "@type": "string", "@value": "-v -c %s" }, "default_template": { "@type": "string", "@value": "define ROOT /usr/bin\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module xm_syslog\n\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n#\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path file => gelf\n\n#\n# Path syslog-udp => gelf\n#\n\n\n" } }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": 
"9084046b-5fdb-492b-ae8c-194dc2600739", "data": { "name": "DATE_EU", "pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "68ab0925-f0bb-4620-8982-7cb93c544e84", "data": { "name": "HOSTPORT", "pattern": "%{IPORHOST}:%{POSINT}" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "a142e740-27a9-49a0-906b-764b6807734c", "data": { "name": "MINUTE", "pattern": "(?:[0-5][0-9])" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "f3b69a79-7052-4aa5-83d6-64b855997034", "data": { "name": "SYSLOGFACILITY", "pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] }, { "v": "1", "type": { "name": "grok_pattern", "version": "1" }, "id": "7f128254-bc48-4047-baca-c034e257cd94", "data": { "name": "URIPROTO", "pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?" }, "constraints": [ { "type": "server-version", "version": ">=4.0.5+d95b909" } ] } ] }