Regex Query in Grafana HELP!

Hi everyone I have Grafana v 7.5.7 and I 'm trying to extract some content from my data.

In this case, my goal is to take the message from snort alert.
I created event.original as my own variable to collect data from elasticsearch and now I can see my logs.

image1175×837 44.3 KB

These values are store by a variable called snort.

However I need extract only the message of the alert, in the section Query

Ex: What I have:

05/27-11:30:12.466603 [] [1:19559:13] “INDICATOR-SCAN SSH brute force login attempt” [] [Classification: Misc activity] [Priority: 3] {TCP} x.x.x.x:53962 → x.x.x.x:xx

What I need:

INDICATOR-SCAN SSH brute force login attempt

image1254×692 68.9 KB

Please help!

Hi @javiubedagrail

You should have a much better chance completing your goal with the new Unified Alerting in Grafana 8, which shipped today. It’s an entirely new alerting platform with much greater power and ease-of-use. And it includes much greater support for variables in alerts

Check it out:
docker run -p 3000:3000 --name=grafana -e "GF_FEATURE_TOGGLES_ENABLE=ngalert" grafana/grafana:8.0.0

This topic was automatically closed after 365 days. New replies are no longer allowed.