{
"v": 1,
"id": "2aa0878d-6246-4763-a90f-46a91120e87b",
"rev": 1,
"name": "Liwo",
"summary": "Liwo",
"description": "",
"vendor": "akbarjimi",
"url": "",
"parameters": [],
"entities": [
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "2f1e3986-c53c-424a-a5f4-289a8df7c8f5",
"data": {
"name": "CISCOMAC",
"pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "7fed04d3-9f53-4513-9768-ea5cd873ef05",
"data": {
"name": "MONTHNUM",
"pattern": "(?:0?[1-9]|1[0-2])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "b5b008ad-459a-44c7-bc3c-bc715b21d685",
"data": {
"name": "SYSLOGBASE",
"pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "e5fdce7e-e209-4bc5-b233-b89d91cfc8e9",
"data": {
"name": {
"@type": "string",
"@value": "nxlog"
},
"service_type": {
"@type": "string",
"@value": "svc"
},
"node_operating_system": {
"@type": "string",
"@value": "windows"
},
"executable_path": {
"@type": "string",
"@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe"
},
"execute_parameters": {
"@type": "string",
"@value": "-c \"%s\""
},
"validation_parameters": {
"@type": "string",
"@value": "-v -f -c \"%s\""
},
"default_template": {
"@type": "string",
"@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile %ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n<Extension logrotate>\n Module xm_fileop\n <Schedule>\n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n </Schedule>\n</Extension>\n\n\n<Extension gelfExt>\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n</Extension>\n\n<Input eventlog>\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #<QueryXML>\n # <QueryList>\n # <Query Id='1'>\n # <Select Path='Security'>*[System/Level=4]</Select>\n # </Query>\n # </QueryList>\n #</QueryXML>\n</Input>\n\n\n<Input file>\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n</Input>\n\n\n<Output gelf>\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t<Exec>\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t</Exec>\n</Output>\n\n\n<Route route-1>\n Path eventlog => gelf\n</Route>\n<Route route-2>\n Path file => gelf\n</Route>\n\n"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "e3d488c0-7439-404a-a614-b39795b01de1",
"data": {
"name": "GREEDYDATA",
"pattern": ".*"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "dashboard",
"version": "2"
},
"id": "b00f36f9-201b-476b-b234-07b65bd26541",
"data": {
"summary": {
"@type": "string",
"@value": "This is a list of all sources that sent in messages to Graylog."
},
"search": {
"queries": [
{
"id": "a1647eb6-a064-4fe6-b459-1e4267d3f659",
"timerange": {
"type": "relative",
"range": 300
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"search_types": [
{
"query": null,
"name": "chart",
"timerange": {
"type": "relative",
"range": 300
},
"streams": [],
"series": [
{
"type": "count",
"id": "Message count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "time",
"field": "timestamp",
"interval": {
"type": "auto",
"scaling": 1
}
}
],
"type": "pivot",
"id": "481de18f-938e-40d5-8ab2-6eaf6a28f091",
"column_groups": [],
"sort": []
},
{
"query": null,
"name": "chart",
"timerange": {
"type": "relative",
"range": 300
},
"streams": [],
"series": [
{
"type": "count",
"id": "Message count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"field": "source",
"limit": 15
}
],
"type": "pivot",
"id": "011b2894-49e5-44d8-aab6-8c4d4457a886",
"column_groups": [],
"sort": [
{
"type": "series",
"field": "count()",
"direction": "Descending"
}
]
},
{
"query": null,
"name": "chart",
"timerange": {
"type": "relative",
"range": 300
},
"streams": [],
"series": [
{
"type": "count",
"id": "Message count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"field": "source",
"limit": 10
}
],
"type": "pivot",
"id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c",
"column_groups": [],
"sort": [
{
"type": "series",
"field": "count()",
"direction": "Descending"
}
]
}
]
}
],
"parameters": [],
"requires": {},
"owner": "admin",
"created_at": "2019-11-22T10:58:47.255Z"
},
"created_at": "2019-11-22T10:54:50.950Z",
"requires": {},
"state": {
"a1647eb6-a064-4fe6-b459-1e4267d3f659": {
"selected_fields": null,
"static_message_list_id": null,
"titles": {
"tab": {
"title": "Sources Overview"
},
"widget": {
"6c127c5d-be75-4157-b43f-ac0194ac0586": "Selected sources",
"92d63811-e4dd-47db-bd3b-db03c8a9bd53": "Messages per Source",
"00637e63-d728-4b3e-932b-7c8696b4855d": "Messages over time"
}
},
"widgets": [
{
"id": "92d63811-e4dd-47db-bd3b-db03c8a9bd53",
"type": "aggregation",
"filter": null,
"timerange": {
"type": "relative",
"range": 300
},
"query": null,
"streams": [],
"config": {
"visualization": "pie",
"event_annotation": false,
"row_pivots": [
{
"field": "source",
"type": "values",
"config": {
"limit": 10
}
}
],
"series": [
{
"config": {
"name": "Message count"
},
"function": "count()"
}
],
"rollup": true,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": [
{
"type": "series",
"field": "count()",
"direction": "Descending"
}
]
}
},
{
"id": "6c127c5d-be75-4157-b43f-ac0194ac0586",
"type": "aggregation",
"filter": null,
"timerange": {
"type": "relative",
"range": 300
},
"query": null,
"streams": [],
"config": {
"visualization": "table",
"event_annotation": false,
"row_pivots": [
{
"field": "source",
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": "Message count"
},
"function": "count()"
}
],
"rollup": true,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": [
{
"type": "series",
"field": "count()",
"direction": "Descending"
}
]
}
},
{
"id": "00637e63-d728-4b3e-932b-7c8696b4855d",
"type": "aggregation",
"filter": null,
"timerange": {
"type": "relative",
"range": 300
},
"query": null,
"streams": [],
"config": {
"visualization": "line",
"event_annotation": false,
"row_pivots": [
{
"field": "timestamp",
"type": "time",
"config": {
"interval": {
"type": "auto",
"scaling": null
}
}
}
],
"series": [
{
"config": {
"name": "Message count"
},
"function": "count()"
}
],
"rollup": true,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
}
],
"widget_mapping": {
"6c127c5d-be75-4157-b43f-ac0194ac0586": [
"011b2894-49e5-44d8-aab6-8c4d4457a886"
],
"92d63811-e4dd-47db-bd3b-db03c8a9bd53": [
"a964f1c5-e108-4b5e-a907-ffe0b0f0683c"
],
"00637e63-d728-4b3e-932b-7c8696b4855d": [
"481de18f-938e-40d5-8ab2-6eaf6a28f091"
]
},
"positions": {
"6c127c5d-be75-4157-b43f-ac0194ac0586": {
"col": 1,
"row": 5,
"height": 4,
"width": 6
},
"92d63811-e4dd-47db-bd3b-db03c8a9bd53": {
"col": 7,
"row": 5,
"height": 4,
"width": 6
},
"00637e63-d728-4b3e-932b-7c8696b4855d": {
"col": 1,
"row": 1,
"height": 4,
"width": "Infinity"
}
},
"formatting": {
"highlighting": []
},
"display_mode_settings": {
"positions": {}
}
}
},
"properties": [],
"owner": "admin",
"title": {
"@type": "string",
"@value": "Sources"
},
"type": "DASHBOARD",
"description": {
"@type": "string",
"@value": "This is a list of all sources that sent in messages to Graylog. You can narrow the timerange by zooming in on the message histogram, or you can increase the time range by specifying a broader one in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add additional widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs."
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1da7f012-0a89-46a5-910c-75c1918289a5",
"data": {
"name": "BASE16NUM",
"pattern": "(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1c0bba53-ee9d-4cf7-bf1f-02d21955401f",
"data": {
"name": "USER",
"pattern": "%{USERNAME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "497ef367-b27b-42bb-a81c-50bd29f4817c",
"data": {
"name": "HTTPD20_ERRORLOG",
"pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "42fd8b52-5bb5-40a0-9b83-efe71775d4b4",
"data": {
"name": "SECOND",
"pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "5c41392a-5c34-4757-8d8d-2d36b95dab67",
"data": {
"name": "LOGLEVEL",
"pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "94f1ae77-2e19-43fc-98dd-0b1ecfdb6076",
"data": {
"name": "MINUTE",
"pattern": "(?:[0-5][0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "31102730-a557-4714-92bd-379b6838baab",
"data": {
"name": "HTTPDUSER",
"pattern": "%{EMAILADDRESS}|%{USER}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "297f4106-f19d-44f5-a860-111f0cec7f55",
"data": {
"name": "YEAR",
"pattern": "(?>\\d\\d){1,2}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "input",
"version": "1"
},
"id": "77e24609-e2ec-46cf-ab7a-12cde3fe92ca",
"data": {
"title": {
"@type": "string",
"@value": "Laravel"
},
"configuration": {
"recv_buffer_size": {
"@type": "integer",
"@value": 1048576
},
"port": {
"@type": "integer",
"@value": 12201
},
"number_worker_threads": {
"@type": "integer",
"@value": 4
},
"bind_address": {
"@type": "string",
"@value": "0.0.0.0"
},
"decompress_size_limit": {
"@type": "integer",
"@value": 8388608
}
},
"static_fields": {},
"type": {
"@type": "string",
"@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput"
},
"global": {
"@type": "boolean",
"@value": false
},
"extractors": []
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "108013a3-5ae7-406c-8b57-3438e36bfd1d",
"data": {
"name": "WINPATH",
"pattern": "(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "b25b9489-5cb4-4123-acc3-a6c38ecfccd4",
"data": {
"name": "USERNAME",
"pattern": "[a-zA-Z0-9._-]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ec5722cc-23e8-4f46-81ce-4ff942607c6b",
"data": {
"name": "SYSLOGTIMESTAMP",
"pattern": "%{MONTH} +%{MONTHDAY} %{TIME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "457ff006-5b18-4775-bf59-4d66bd402018",
"data": {
"name": "URIPROTO",
"pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1059e583-9144-43da-ae9a-ca44c3f8ea09",
"data": {
"name": "HTTPD24_ERRORLOG",
"pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "49c06919-2c80-426d-abad-34ab7f9acc07",
"data": {
"name": "COMBINEDAPACHELOG",
"pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "9cc6556b-3bf4-4a1f-b03f-86653daba4d9",
"data": {
"name": "COMMONAPACHELOG",
"pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "e3ff9ecc-341a-4ffa-899b-561245ba32c4",
"data": {
"name": "HTTPD_ERRORLOG",
"pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "90231790-9904-4a76-a811-4d921005cf5d",
"data": {
"name": "MONTHNUM2",
"pattern": "(?:0[1-9]|1[0-2])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "73c5dff8-330d-41ca-bd05-100d85008ee2",
"data": {
"name": {
"@type": "string",
"@value": "filebeat"
},
"service_type": {
"@type": "string",
"@value": "svc"
},
"node_operating_system": {
"@type": "string",
"@value": "windows"
},
"executable_path": {
"@type": "string",
"@value": "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
},
"execute_parameters": {
"@type": "string",
"@value": "-c \"%s\""
},
"validation_parameters": {
"@type": "string",
"@value": "test config -c \"%s\""
},
"default_template": {
"@type": "string",
"@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - C:\\logs\\log.log\n"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ba9ab685-0de5-4846-809e-c184a9062374",
"data": {
"name": "IP",
"pattern": "(?:%{IPV6}|%{IPV4})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "27288d6a-5ba3-4ee4-8413-7648f63424a1",
"data": {
"name": "DATE_US",
"pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "b710a7b4-062d-4f4d-ac6e-594735d78b45",
"data": {
"name": {
"@type": "string",
"@value": "winlogbeat"
},
"service_type": {
"@type": "string",
"@value": "svc"
},
"node_operating_system": {
"@type": "string",
"@value": "windows"
},
"executable_path": {
"@type": "string",
"@value": "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
},
"execute_parameters": {
"@type": "string",
"@value": "-c \"%s\""
},
"validation_parameters": {
"@type": "string",
"@value": "test config -c \"%s\""
},
"default_template": {
"@type": "string",
"@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nwinlogbeat:\n event_logs:\n - name: Application\n - name: System\n - name: Security"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "921e7b58-1d38-4b0c-80e5-a04415b3ef58",
"data": {
"name": "INT",
"pattern": "(?:[+-]?(?:[0-9]+))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ff2b8a70-59fd-4af2-a493-ca8b1d2585a9",
"data": {
"name": "PATH",
"pattern": "(?:%{UNIXPATH}|%{WINPATH})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1c771f5f-b716-4312-a302-b1fb300117e3",
"data": {
"name": "NONNEGINT",
"pattern": "\\b(?:[0-9]+)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a8acf205-e1de-4039-bc41-a08024424409",
"data": {
"name": "SPACE",
"pattern": "\\s*"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d97c0288-6e96-48e3-948e-88da47d5fecf",
"data": {
"name": "DATESTAMP_RFC822",
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "43df0cda-b6e9-4e40-8f67-84e8ef3f85c6",
"data": {
"name": "URIPARAM",
"pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1f2a717b-2847-4a80-aeca-fd20c8253cf5",
"data": {
"name": "DATESTAMP",
"pattern": "%{DATE}[- ]%{TIME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "20b5dabc-dca7-47b2-890d-732e1fcffef7",
"data": {
"name": "WORD",
"pattern": "\\b\\w+\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "e7903224-2b7b-4c32-b36f-b2925d1abbb8",
"data": {
"name": "URI",
"pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "1faa4b48-edee-40a4-9f3d-fd96cfa8034f",
"data": {
"name": "HOUR",
"pattern": "(?:2[0123]|[01]?[0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "4249fead-f4e4-40cb-a259-f9a8cfe84c51",
"data": {
"name": "SYSLOGHOST",
"pattern": "%{IPORHOST}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "c6845ec4-a6b9-434b-a853-e5e13984cd60",
"data": {
"name": "IPV4",
"pattern": "(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "901d80a0-3066-488f-a273-b1a6bbb2c367",
"data": {
"name": "UNIXPATH",
"pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a55410e6-2cb9-4ba3-b053-af92f0d93fb9",
"data": {
"name": "POSINT",
"pattern": "\\b(?:[1-9][0-9]*)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "c6336f43-ced0-4996-a130-d3829868851c",
"data": {
"name": "HTTPDATE",
"pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "8c39c0e1-db3e-4098-bcf2-264ff511f38c",
"data": {
"name": {
"@type": "string",
"@value": "filebeat"
},
"service_type": {
"@type": "string",
"@value": "exec"
},
"node_operating_system": {
"@type": "string",
"@value": "linux"
},
"executable_path": {
"@type": "string",
"@value": "/usr/share/filebeat/bin/filebeat"
},
"execute_parameters": {
"@type": "string",
"@value": "-c %s"
},
"validation_parameters": {
"@type": "string",
"@value": "test config -c %s"
},
"default_template": {
"@type": "string",
"@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\nfilebeat.inputs:\n- input_type: log\n paths:\n - /var/log/*.log\n type: log\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: /var/lib/graylog-sidecar/collectors/filebeat/data\n logs: /var/lib/graylog-sidecar/collectors/filebeat/log"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "3873a640-d4f9-494e-afe4-f4d6cbcd2dd6",
"data": {
"name": "QUOTEDSTRING",
"pattern": "(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ff210553-4c85-4fe5-b227-24bb2e2834c0",
"data": {
"name": "URIPATHPARAM",
"pattern": "%{URIPATH}(?:%{URIPARAM})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "4532a4e6-ef98-4792-abf8-5087e151357b",
"data": {
"name": "BASE10NUM",
"pattern": "(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a3b4d934-b4c9-4195-8917-977b541fe59b",
"data": {
"name": "DATESTAMP_OTHER",
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "e8b3bbfd-e4c4-4977-ad2b-958f3f19beca",
"data": {
"name": "DATESTAMP_RFC2822",
"pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d15f93b3-32b4-4f00-9070-517df931739e",
"data": {
"name": "QS",
"pattern": "%{QUOTEDSTRING}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "368729d0-d26a-4f49-aee2-9fc6341610b1",
"data": {
"name": "DATE_EU",
"pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "c939b28d-53f1-4103-97c1-808d370f3477",
"data": {
"name": "ISO8601_SECOND",
"pattern": "(?:%{SECOND}|60)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d923db54-9d8c-4156-b4bd-9abf3fc0eb36",
"data": {
"name": "EMAILLOCALPART",
"pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a4a81def-c227-4ed0-b957-27b5521080d2",
"data": {
"name": "URIPATH",
"pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "c46e2be4-5618-426c-add9-e639a43ddec7",
"data": {
"name": "NUMBER",
"pattern": "(?:%{BASE10NUM})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "47ccb32f-27b7-4e56-8b25-d053886e977b",
"data": {
"name": "SYSLOGPROG",
"pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "0439144b-5882-412d-9402-7b96a339a9c4",
"data": {
"name": "BASE16FLOAT",
"pattern": "\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "4305f22c-6497-4a29-8e3b-8fa5bb9071d8",
"data": {
"name": "DATE",
"pattern": "%{DATE_US}|%{DATE_EU}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "b95ed6d7-ebce-4480-bd07-7dab74acaf1c",
"data": {
"name": "TTY",
"pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "876c0e77-0dc7-4c84-9faa-4eecd4ad2461",
"data": {
"name": "TIME",
"pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "c12a7dff-d565-47c2-83c2-066f4ef1ecce",
"data": {
"name": "HOSTNAME",
"pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "24b268d0-7532-4e72-ac39-01328c8b37ae",
"data": {
"name": "IPORHOST",
"pattern": "(?:%{IP}|%{HOSTNAME})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "6cfc22e7-cf55-422f-804c-dc2784f2a174",
"data": {
"name": "IPV6",
"pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "33490e99-1310-44ea-9478-54d9701b95d0",
"data": {
"name": "MONTH",
"pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "sidecar_collector",
"version": "1"
},
"id": "1870a97f-b5bb-4131-b6f9-fc3dee54610e",
"data": {
"name": {
"@type": "string",
"@value": "nxlog"
},
"service_type": {
"@type": "string",
"@value": "exec"
},
"node_operating_system": {
"@type": "string",
"@value": "linux"
},
"executable_path": {
"@type": "string",
"@value": "/usr/bin/nxlog"
},
"execute_parameters": {
"@type": "string",
"@value": "-f -c %s"
},
"validation_parameters": {
"@type": "string",
"@value": "-v -c %s"
},
"default_template": {
"@type": "string",
"@value": "define ROOT /usr/bin\n\n<Extension gelfExt>\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n</Extension>\n\n<Extension syslogExt>\n Module xm_syslog\n</Extension>\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n<Input file>\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n</Input>\n\n#<Input syslog-udp>\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#</Input>\n\n<Output gelf>\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t<Exec>\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t</Exec>\n</Output>\n\n\n<Route route-1>\n Path file => gelf\n</Route>\n#<Route route-2>\n# Path syslog-udp => gelf\n#</Route>\n\n\n"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d10a122f-7400-4b7f-ab53-da77e2f2680d",
"data": {
"name": "HOSTPORT",
"pattern": "%{IPORHOST}:%{POSINT}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "e2a64161-bddb-4cad-92b0-12aeff55a97d",
"data": {
"name": "COMMONMAC",
"pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "64478ff4-a531-428f-8d58-c258d28e6534",
"data": {
"name": "URIHOST",
"pattern": "%{IPORHOST}(?::%{POSINT:port})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "36dad036-c900-4447-a24c-9e02201014f5",
"data": {
"name": "DATESTAMP_EVENTLOG",
"pattern": "%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a3edd0da-5f3e-483f-b84e-5e4e62efa061",
"data": {
"name": "MONTHDAY",
"pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "a30635e9-a888-42ab-9a3d-407392f2c95d",
"data": {
"name": "DAY",
"pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d38921ef-5635-46bc-8e0e-07ade347b6e8",
"data": {
"name": "PROG",
"pattern": "[\\x21-\\x5a\\x5c\\x5e-\\x7e]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "ad53591c-32d2-4c91-886e-39e31d4a80a9",
"data": {
"name": "WINDOWSMAC",
"pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "6c60a9cb-7098-4d13-8197-03551a64aab4",
"data": {
"name": "ISO8601_TIMEZONE",
"pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "7fa32594-0c1c-452a-a909-5e714e5912b2",
"data": {
"name": "TZ",
"pattern": "(?:[PMCE][SD]T|UTC)"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "b46b9b9d-433f-4e58-afb1-c110f6f4a0f2",
"data": {
"name": "EMAILADDRESS",
"pattern": "%{EMAILLOCALPART}@%{HOSTNAME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "285fde1c-3afb-4138-bf2e-91b7ecdb0056",
"data": {
"name": "UUID",
"pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "d4edab73-7392-45a8-be01-ba1130455055",
"data": {
"name": "DATA",
"pattern": ".*?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "8e1db82b-161e-4f09-9fdc-bb3f42dafbd8",
"data": {
"name": "HTTPDERROR_DATE",
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "091038b0-d328-4eea-a20a-6dd638c07b52",
"data": {
"name": "MAC",
"pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "e8c5f48b-5f11-4a88-920c-2517a0b75c24",
"data": {
"name": "TIMESTAMP_ISO8601",
"pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "640e251f-bf9e-4fea-abbc-49c933d3f8f4",
"data": {
"name": "SYSLOGFACILITY",
"pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
},
{
"v": "1",
"type": {
"name": "grok_pattern",
"version": "1"
},
"id": "9f56b9b6-a7c7-4caa-be72-68571a917d52",
"data": {
"name": "NOTSPACE",
"pattern": "\\S+"
},
"constraints": [
{
"type": "server-version",
"version": ">=4.0.5+d95b909"
}
]
}
]
}