15 Replies Latest reply on May 18, 2016 11:46 PM by andy777

    Weird syslog parsing issue causing gibberish events to show up

    anhp

      Hello,

       

      I was trying to write a custom parser for one of our applications (ManageEngine Password Manager Pro) to collect syslog and once I imported a test file, the event does show up correctly, along with like another 10 gibberish events. The regex expression I'm using for my parser is as below:

       

      (.*?):(\d*.\d*.\d*.\d) ([a-zA-Z\_]*) \d*\/\d*\/\d* \d*:\d*:\d* ([a-zA-Z]*) (.*) ([a-zA-Z0-9-]*):(.*):(.*)

       

      My sample syslog:

       

      admin:127.0.0.1 Account_Added 2009/12/23 11:39:00 Success pmp_test windows-server1:account1:Testing


      Using this regex, I was able to capture everything, except the date and time which I don't need. When I finished rolling out the parser to the data source and imported the test log file, I got the events, but also received weird gibberish like below:


      [Screenshot attachment: Screen Shot 2016-05-16 at 2.10.51 PM.png]


      Does anybody know why these are being captured?


      Thanks,



      Anh Pham
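
Added example, not part of the original post and not vendor code: a small Python harness that runs the posted pattern over the sample line and over two constructed inputs, next to a hypothetical stricter variant. `STRICT`, `parse` and `compare` are names introduced here, and the stricter field shapes are assumptions drawn only from the one sample line; the screenshot contents are not reproduced, so this shows how permissive the pattern is rather than what produced those events.

```python
import re

# Pattern exactly as posted: unanchored, "." unescaped, nearly every field may be empty.
POSTED = re.compile(
    r"(.*?):(\d*.\d*.\d*.\d) ([a-zA-Z\_]*) \d*\/\d*\/\d* \d*:\d*:\d* "
    r"([a-zA-Z]*) (.*) ([a-zA-Z0-9-]*):(.*):(.*)"
)

# Hypothetical stricter variant (assumption, derived only from the one sample line):
# anchored at both ends, literal dots, "+" / counted quantifiers, same 8 capture groups.
STRICT = re.compile(
    r"^([^:\s]+):(\d{1,3}(?:\.\d{1,3}){3}) ([A-Za-z_]+) "
    r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} "
    r"([A-Za-z]+) (\S+) ([A-Za-z0-9-]+):([^:]+):(.*)$"
)

SAMPLE = ("admin:127.0.0.1 Account_Added 2009/12/23 11:39:00 "
          "Success pmp_test windows-server1:account1:Testing")

# Constructed test inputs, not taken from the screenshot in the post.
CONSTRUCTED = [
    "??:abc9  // ::   ::",                 # almost no real content
    "<14>hdr " + SAMPLE + " trailing",     # sample embedded in a longer line
]

def parse(pattern, line):
    """Return the captured groups, or None when the line is rejected."""
    m = pattern.search(line)
    return m.groups() if m else None

def compare(lines):
    """Map each line to (groups from POSTED, groups from STRICT)."""
    return {line: (parse(POSTED, line), parse(STRICT, line)) for line in lines}

if __name__ == "__main__":
    for line, (loose, strict) in compare([SAMPLE] + CONSTRUCTED).items():
        print(repr(line))
        print("  posted:", loose)
        print("  strict:", strict)
```

Both patterns return the same eight fields for the sample line; only the posted one accepts the two constructed lines, yielding empty or over-long fields.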
