HI, I want to use FileBeat's Dissect processor to handle my log simply, but always report an error. The relevant information is as follows:
Version Info:
elasticsearch: 8.4.2
kibana: 8.4.2
filebeat: 8.4.2
filebeat.yml:
filebeat.inputs:
- type: filestream
enabled: true
id: a9kpfw
index: a9kpfw
paths:
- /tmp/2.log
parsers:
- multiline:
type: pattern
pattern: '^\[[0-9]{2}-[0-9]{2}-[0-9]{4}'
negate: true
match: after
processors:
- drop_fields:
fields: ["ecs", "agent", "log", "input", "host"]
- dissect:
tokenizer: '"[%{timestamp}] [%{thread}] %{level} %{logger}(%{caller}) - %{msg}"'
field: "message"
target_prefix: "a9kpfw"
My log format:
[26-09-2022 10:04:43.491] [http-nio-8080-exec-22] INFO com.xxxxxx.xxxx.service.xxxx.xxxxxxxxxxxxxxxxx:com.xxxxxx.xxxx.service.xxxx.xxxxxxxxxxxxxx.xxxxxxxx(xxxxxxxxxxxx.java:1130) - function:xxxxxx& node:xxxxxx& qqlsh:xxxxxx_xxxxxx& xxxxxx:12345678876543& fjh:2& zdh:1& code:0000& msg:xxxxxxxxxx&
kibana:
I used this tool to analyze patterns, there is no problem.
Please help see what's the problem, thank you
