Config Error : configuration is invalid. Reason: Expected one of #, =>

Markandayan_P · June 2, 2019, 6:10pm

Here is my logstash configuration

filter {
grok {
	match => {
		"message" => { '%{DATA:req_id} %{IPV4:host} %{DATA:machine_name} %{DATA:location} %{DATA:zuid} %{DATA:zoid} %{DATA:thread_id} %{DATA:class_name} %{DATA:method} %{DATA:level} %{DATA:timestamp} %{DATA:zl_thread_id} %{DATA:message}' }
	}
}
date {
	match => [ "timestamp" , "dd-MM-yyyy HH:mm:ss Z" ]
}
mutate {
remove_field => ["@version" ,"req_id" ,"host" ,"machine_name" ,"location" ,"zuid" ,"zoid" ,"zl_thread_id"] } }

Error Message
[2019-06-02T23:35:21,738][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, => at line 10, column 234 (byte 367) after filter {
grok {
match => {
"message" => { '%{DATA:req_id} %{IPV4:host} %{DATA:machine_name} %{DATA:location} %{DATA:zuid} %{DATA:zoid} %{DATA:thread_id} %{DATA:class_name} %{DATA:method} %{DATA:level} %{DATA:timestamp} %{DATA:zl_thread_id} %{DATA:message}'
[2019-06-02T23:35:21,752][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

Christian_Dahlqvist · June 3, 2019, 5:49am

The message parameter in the grok filter should be a string or a list of strings, so you should not have any curly braces there.

pastechecker · June 3, 2019, 6:25am

grok {
match => {
"message" => "%{DATA:req_id} %{IPV4:host} %{DATA:machine_name} %{DATA:location} %{DATA:zuid} %{DATA:zoid} %{DATA:thread_id} %{DATA:class_name} %{DATA:method} %{DATA:level} %{DATA:timestamp} %{DATA:zl_thread_id} %{DATA:message}"
}
}

Christian_Dahlqvist · June 3, 2019, 7:12am

You still have curly braces. Look at the examples in the documentation.

system · July 1, 2019, 7:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.