The above syntax no longer works. The IP is listed on another line and isn’t being captured by fail2ban.
2023-09-28 07:39:33,017 fail2ban.filter [1]: WARNING [grafana_proxy] Please check a jail for a timing issue. Line with odd timestamp: logger=authn.service t=2023-09-28T08:39:32.757980995-06:00 level=warn msg=“Failed to authenticate request” client=auth.client.form error=“[password-auth.failed] failed to authenticate identity: [identity.not-found] no user fund: user not found”