Please wait. This can take some minutes ...
Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
org.graylog2.migrations.V20180924111644_AddDefaultGrokPatterns_Default_Grok_Patterns.json Maven / Gradle / Ivy
{
"id": "a3ce55ad-bdf3-7a50-305c-1e5bf3de6eca",
"rev": 1,
"v": "1",
"name": "Default Grok Patterns",
"summary": "The Graylog default Grok patterns",
"description": "These are the default Grok patterns provided by Graylog.",
"vendor": "Graylog ",
"url": "https://github.com/Graylog2/graylog2-server",
"parameters": [],
"entities": [
{
"id": "595e7897833ee75eda49ad58",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "USER",
"pattern": "%{USERNAME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad20",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "TIME",
"pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad4b",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATESTAMP",
"pattern": "%{DATE}[- ]%{TIME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad55",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HTTPDUSER",
"pattern": "%{EMAILADDRESS}|%{USER}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad13",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "URI",
"pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad23",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "MONTHDAY",
"pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad65",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "WINPATH",
"pattern": "(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad16",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SYSLOGBASE",
"pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad2e",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "POSINT",
"pattern": "\\b(?:[1-9][0-9]*)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad45",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "NUMBER",
"pattern": "(?:%{BASE10NUM})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad5e",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HTTPD24_ERRORLOG",
"pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad19",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "URIPARAM",
"pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad40",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATESTAMP_RFC822",
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad30",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SYSLOGTIMESTAMP",
"pattern": "%{MONTH} +%{MONTHDAY} %{TIME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad35",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "MONTHNUM",
"pattern": "(?:0?[1-9]|1[0-2])"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad4e",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "QUOTEDSTRING",
"pattern": "(?>(?\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad50",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "CISCOMAC",
"pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad29",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "WORD",
"pattern": "\\b\\w+\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad64",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HTTPDATE",
"pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad5d",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATESTAMP_RFC2822",
"pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad25",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "YEAR",
"pattern": "(?>\\d\\d){1,2}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad2c",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HTTPD20_ERRORLOG",
"pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad2f",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "NOTSPACE",
"pattern": "\\S+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad18",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "BASE16NUM",
"pattern": "(?=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad4c",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "TZ",
"pattern": "(?:[PMCE][SD]T|UTC)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad1b",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "URIHOST",
"pattern": "%{IPORHOST}(?::%{POSINT:port})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad36",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATA",
"pattern": ".*?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad42",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "LOGLEVEL",
"pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad3b",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SPACE",
"pattern": "\\s*"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad49",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HOUR",
"pattern": "(?:2[0123]|[01]?[0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad1e",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "EMAILLOCALPART",
"pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad4a",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "URIPATH",
"pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad33",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATE_EU",
"pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad2a",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "COMMONAPACHELOG",
"pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad22",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SYSLOGHOST",
"pattern": "%{IPORHOST}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad53",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "TTY",
"pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad38",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "BASE10NUM",
"pattern": "(?[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad5b",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "GREEDYDATA",
"pattern": ".*"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad3e",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "IPORHOST",
"pattern": "(?:%{IP}|%{HOSTNAME})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad41",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DAY",
"pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad37",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "NONNEGINT",
"pattern": "\\b(?:[0-9]+)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad27",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "UUID",
"pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad5f",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "IP",
"pattern": "(?:%{IPV6}|%{IPV4})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad1d",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATE_US",
"pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad34",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "WINDOWSMAC",
"pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad31",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "BASE16FLOAT",
"pattern": "\\b(?=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad4f",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "IPV4",
"pattern": "(?=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad5c",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "ISO8601_SECOND",
"pattern": "(?:%{SECOND}|60)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad44",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SYSLOGPROG",
"pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad24",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "INT",
"pattern": "(?:[+-]?(?:[0-9]+))"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad3d",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HTTPD_ERRORLOG",
"pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad66",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "MAC",
"pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad61",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATE",
"pattern": "%{DATE_US}|%{DATE_EU}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad56",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "IPV6",
"pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad4d",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "MINUTE",
"pattern": "(?:[0-5][0-9])"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad51",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "PATH",
"pattern": "(?:%{UNIXPATH}|%{WINPATH})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad46",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "COMBINEDAPACHELOG",
"pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad15",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HOSTNAME",
"pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad60",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HOSTPORT",
"pattern": "%{IPORHOST}:%{POSINT}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad32",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SYSLOGFACILITY",
"pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad39",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "COMMONMAC",
"pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad26",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "ISO8601_TIMEZONE",
"pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad57",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATESTAMP_EVENTLOG",
"pattern": "%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad5a",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "UNIXPATH",
"pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad3c",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "USERNAME",
"pattern": "[a-zA-Z0-9._-]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad59",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "TIMESTAMP_ISO8601",
"pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad63",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "DATESTAMP_OTHER",
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad28",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "QS",
"pattern": "%{QUOTEDSTRING}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad21",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "SECOND",
"pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad2b",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "URIPROTO",
"pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad54",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "MONTHNUM2",
"pattern": "(?:0[1-9]|1[0-2])"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad17",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "MONTH",
"pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad1f",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "PROG",
"pattern": "[\\x21-\\x5a\\x5c\\x5e-\\x7e]+"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7896833ee75eda49ad1a",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "EMAILADDRESS",
"pattern": "%{EMAILLOCALPART}@%{HOSTNAME}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad3a",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "URIPATHPARAM",
"pattern": "%{URIPATH}(?:%{URIPARAM})?"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
},
{
"id": "595e7897833ee75eda49ad43",
"type": {
"name": "grok_pattern",
"version": "1"
},
"v": "1",
"data": {
"name": "HTTPDERROR_DATE",
"pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0-alpha.2+07766b9"
}
]
}
]
}