Hi,
I am using the below filter to parse my log file.
```
if [mesg] == "ERROR" {
  # This is prod tomcat log format
  grok {
    match => { "mesg" => [ "^\s?\[%{DATA:loglevel}\] %{TIMESTAMP_ISO8601:logts} \[%{DATA:threadname}\] %{DATA:podname} %{DATA:filler1} \[%{DATA:classname}\] %{GREEDYDATA:fullmesg}" ] }
  }
} else {
  # Continuation lines: capture the exception class and the text that follows it
  grok {
    match => { "mesg" => [
      "^(\s)+(?<exception>%{DATA}Exception)[:\s]+(?<trace>%{DATA}$)"
    ] }
  }
}
```
Below are the logs that I am parsing:
```
message":"[ERROR] 2021-08-04T15:27:12.700 [pool-2-thread-44380] linkaadhaarconsumerdeployment-69d9858458-nnzpj - [i.i.i.k.c.l.p.ConsumerProcessor] :: ITDRuntimeException is caught with error code: ITD-EXEC2003 and DevMessage: null and UserMessage: Due to some technical error not able to process.Please check corresponding class ",
"message":"\t and error code ITD-EXEC2003 and stacktrace: ingov.itd.iec.exception.ITDRuntimeException: Due to some technical error not able to process.Please check corresponding class
"message":" and the possible root cause is java.lang.NullPointerException at 1628071038920 with objectarray values as "
"message":"\t and error code ITD-EXEC2003 and stacktrace: java.lang.NullPointerException"
"message":"\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747)"
```
It is parsing the logs but also throwing the below mentioned error:
```
[2021-08-11T13:29:58,475][ERROR][logstash.filters.aggregate][main][3a046cd6e4d76d8f3808dd3565ae9ff736047ca3b85c4ff90e5f9259e7e3f0c7] Aggregate exception occurred {:error=>#<TypeError: wrong argument type NilClass (expected LogStash::Timestamp)>, :code=>"event.set('@timestamp', map['tmplogts'])", :map=>{}, :event_data=>{"exception"=>"and error code ITD-EXEC2003 and stacktrace: ingov.itd.iec.exception.ITDRuntimeException", "trace"=>"Due to some technical error not able to process.Please check corresponding class ", "logpath"=>"", "@timestamp"=>2021-08-11T07:59:58.106Z, "@metadata"=>{"path"=>"D:/new2.log", "host"=>""}, "host"=>"", "deployment"=>""}}
```
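An added illustration, not part of the original post and not Logstash's own code: the two grok patterns rewritten as plain Ruby regexes and run over lines constructed from the sample above, showing that only the header line carries `logts` and that a continuation line seen before any header has no timestamp to copy. The `stitch` and `apply_timestamp` helpers, the Hash standing in for the event, and the simplified timestamp regex are assumptions made for this sketch.

```ruby
# Ruby stand-ins for the post's two grok patterns (assumed mapping:
# DATA => .*?, GREEDYDATA => .*; TIMESTAMP_ISO8601 simplified to the sample's format).
HEADER = /\A\s?\[(?<loglevel>.*?)\] (?<logts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+) \[(?<threadname>.*?)\] (?<podname>.*?) (?<filler1>.*?) \[(?<classname>.*?)\] (?<fullmesg>.*)/
CONT   = /\A\s+(?<exception>.*?Exception)[:\s]+(?<trace>.*?$)/

# Constructed sample: shortened copies of three lines from the post.
SAMPLE = [
  "[ERROR] 2021-08-04T15:27:12.700 [pool-2-thread-44380] linkaadhaarconsumerdeployment-69d9858458-nnzpj - [i.i.i.k.c.l.p.ConsumerProcessor] :: ITDRuntimeException is caught",
  "\t and error code ITD-EXEC2003 and stacktrace: ingov.itd.iec.exception.ITDRuntimeException: Due to some technical error",
  "\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747)"
].freeze

# Classify each line and carry the most recent header timestamp forward.
# :ts stays nil for any line that arrives before a header has been seen.
def stitch(lines)
  last_ts = nil
  lines.map do |line|
    if (m = HEADER.match(line))
      last_ts = m[:logts]
      { kind: :header, ts: last_ts, loglevel: m[:loglevel], classname: m[:classname] }
    elsif (m = CONT.match(line))
      { kind: :continuation, ts: last_ts, exception: m[:exception], trace: m[:trace] }
    else
      { kind: :unparsed, ts: last_ts }
    end
  end
end

# Nil guard around the assignment shown in the error's :code field.
# A plain Hash stands in for the Logstash event (assumption); in the
# pipeline the same guard would wrap event.set('@timestamp', ...).
def apply_timestamp(event, map)
  event['@timestamp'] = map['tmplogts'] unless map['tmplogts'].nil?
  event
end

if __FILE__ == $PROGRAM_NAME
  stitch(SAMPLE).each { |row| p row }
  p apply_timestamp({ '@timestamp' => 'ingest-time' }, {})
end
```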