Only ovpns interfaces visible in Grafana

[rbicelli]

I can see only ovpns statistics in Grafana. My pfsense interface are lagg0.{VLAN_ID}.
Looking into Graylog stream I see pfsense fields populated only for ovpns related items.
I'm new to Graylog an Grafana world but I think my issue is in the grok pattern. Using these two logs messages as example:

filterlog: 475,,,1424803213,lagg0.31,match,block,in,4,0x0,,64,39847,0,DF,6,tcp,60,192.168.31.168,95.100.81.146,52414,80,0,S,358918382,,29200,,mss;sackOK;TS;nop;wscale

filterlog: 9,,,1000000103,ovpns1,match,block,in,4,0x0,,1,59729,0,DF,17,udp,199,10.0.8.26,239.255.255.250,59296,1900,179

I tested the grok pattern with a grok pattern tester and the first example fails, stopping at iface field, which is parsed as lagg0.

I edited the grok patterns replacing the expression WORD:iface with USERNAME:iface

%{INT:rule},%{INT:sub_rule}?,,%{INT:tracker},%{USERNAME:iface},%{WORD:reason},%{WORD:action},%{WORD:direction}, 

Now the stream fill the fields in the correct way, but I can't see any interface except ovpns in grafana.

[rbicelli]

Update: now in Grafana I can see all interfaces, but it throws an error when "All" is selected on filter dropdowns.