About FileBeat Dissect processor

aluopy · September 26, 2022, 7:25am

HI, I want to use FileBeat's Dissect processor to handle my log simply, but always report an error. The relevant information is as follows:

Version Info:

elasticsearch: 8.4.2
kibana: 8.4.2
filebeat: 8.4.2

filebeat.yml:

filebeat.inputs:
- type: filestream
  enabled: true
  id: a9kpfw
  index: a9kpfw
  paths:
    - /tmp/2.log
  parsers:
    - multiline:
        type: pattern
        pattern: '^\[[0-9]{2}-[0-9]{2}-[0-9]{4}'
        negate: true
        match: after
processors:
  - drop_fields:
      fields: ["ecs", "agent", "log", "input", "host"]
  - dissect:
      tokenizer: '"[%{timestamp}] [%{thread}] %{level}  %{logger}(%{caller}) - %{msg}"'
      field: "message"
      target_prefix: "a9kpfw"

My log format:

[26-09-2022 10:04:43.491] [http-nio-8080-exec-22] INFO  com.xxxxxx.xxxx.service.xxxx.xxxxxxxxxxxxxxxxx:com.xxxxxx.xxxx.service.xxxx.xxxxxxxxxxxxxx.xxxxxxxx(xxxxxxxxxxxx.java:1130) - function:xxxxxx& node:xxxxxx& qqlsh:xxxxxx_xxxxxx& xxxxxx:12345678876543& fjh:2& zdh:1& code:0000& msg:xxxxxxxxxx&

kibana:

I used this tool to analyze patterns, there is no problem.

Please help see what's the problem, thank you

aluopy · September 30, 2022, 8:02am

Just remove the order number

tokenizer: "[%{timestamp}] [%{thread}] %{level}  %{logger}(%{caller}) - %{msg}"

system · October 28, 2022, 10:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat dissect processor does nothing Beats filebeat	1	529	June 27, 2021
Timestamp - Filebeat Beats filebeat	8	3991	May 25, 2021
Filebeat dissect processed logs not appearing in Kibana Kibana	5	1331	September 15, 2020
Logviewing - Filebeat Beats filebeat	1	200	May 18, 2021
Parsing logs filebeat Beats filebeat	4	774	June 2, 2021

About FileBeat Dissect processor

Related topics