muresan/gist:c59f3ecfb803606d4ea8489f29f728a6

## gistfile1.txt
{job="varlogs",filename="/var/log/secure"}
  | regexp "(?P<month>\\w+) (?P<day>\\d+) (?P<time>\\d{2}:\\d{2}:\\d{2}) (?P<hostname>\\w+) (?P<process>\\w+)\\[(?P<pid>\\d+)\\]: (?P<message>.*)"

{job="varlogs",filename="/var/log/messages"}
  | regexp "(?P<month>\\w+) (?P<day>\\d+) (?P<time>\\d{2}:\\d{2}:\\d{2}) (?P<hostname>\\w+) (?P<process>\\w+)(\\[(?P<pid>\\d+)\\])?: (?P<message>.*)"
	{job="varlogs",filename="/var/log/secure"}
	\| regexp "(?P<month>\\w+) (?P<day>\\d+) (?P<time>\\d{2}:\\d{2}:\\d{2}) (?P<hostname>\\w+) (?P<process>\\w+)\\[(?P<pid>\\d+)\\]: (?P<message>.*)"

	{job="varlogs",filename="/var/log/messages"}
	\| regexp "(?P<month>\\w+) (?P<day>\\d+) (?P<time>\\d{2}:\\d{2}:\\d{2}) (?P<hostname>\\w+) (?P<process>\\w+)(\\[(?P<pid>\\d+)\\])?: (?P<message>.*)"