I've got this pattern "03/Feb/2017:11:14:44 +0000" and I've got this regexp NGDATE (^....................) which if I try on any online regexp tool match 03/Feb/2017:11:14:44
but for some reason I get _grokparsefailure instead, why ?
My goal is to send 03/Feb/2017:11:14:44 to logstash by skipping +0000
Any ideas ?
Thanks
If you show us a minimal Logstash configuration example that exhibits the problem it'll be easier to help.
Another possibility is that you have an extra file in /etc/logstash/conf.d with a non-matching grok filter, i.e. the grok filter you think you're running works fine but you're unknowingly also getting another grok filter applied.
Thank you, I managed to solve this myself.
How did you solve it?
Sharing may help others in future 
I had a chaos in my config file, I have established new one and this has helped me to fix this problem.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.