
Logstash and Grok filter failure

My log file has a single line (taken from the tutorial log file):

55.3.244.1 GET /index.html 15824 0.043 

My conf file looks something like this:

input {
  file {
    path => "../http.log"
    type => "http"
  }
}

filter {
  grok {
    type => "http"
    match => [ "message", "%{IP:client}" ]
  }
}

I tested my grok filter with the grok debugger and it worked. I'm at a loss as to what I am doing wrong. I get a [0] "_grokparsefailure" every time.

As far as debugging a grok filter goes, you can use this link ( http://grokdebug.herokuapp.com/ ). It has a very comprehensive pattern detector, which is a good start.

If you only care about the IP and not the remaining part of the log message, the following filter should work for you.

%{IP:host} %{GREEDYDATA:remaining_data}

The best method to debug is to use the stdin and stdout plugins for Logstash and debug your grok patterns.

You can find the documentation here http://logstash.net/docs/1.4.2/
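
The stdin/stdout debugging approach from the answer above, written out as an added example (not part of the original post): a minimal pipeline that reads lines typed on the console, applies the grok pattern, and prints the full parsed event. The file name `grok-debug.conf` is an assumption, and the field is named `client` as in the question rather than `host`.

```logstash
# grok-debug.conf (hypothetical file name)
# Read test lines from the console instead of a file, so every edit to the
# pattern can be re-tested immediately.
input {
  stdin { }
}

filter {
  grok {
    # Pattern from the answer, with the question's field name "client";
    # the stdin input already populates a "host" field on each event.
    match => [ "message", "%{IP:client} %{GREEDYDATA:remaining_data}" ]
  }
}

# Print every field and tag of the event, including "_grokparsefailure"
# when the pattern does not match.
output {
  stdout { codec => rubydebug }
}
```

Run it with `bin/logstash -f grok-debug.conf`, paste the sample line `55.3.244.1 GET /index.html 15824 0.043`, and check the printed event for the `client` field or a `_grokparsefailure` entry under `tags`.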
