Constant warnings in logstash-plain.log


(Евгений) #1

What are these constant warnings in logstash-plain.log:

[2018-01-25T18:38:13,210][WARN ][org.logstash.dissect.Dissector] Dissector mapping, field found in event but it was empty {"field"=>"message", "event"=>{"span-name"=>"", "tags"=>["preprod_log", "beats_input_codec_plain_applied"], "client"=>"", "message"=>"2018-01-25 18:39:07.903 DEBUG [main] s.d.s.w.r.o.OperationResponseReader [?] [app=] [host=] [span-name=] [trace-id=] [span-id=] [sys=] [prn=] [comp_name=] [comp_ver=] [client=] Setting spring response class to:Map«string,object»", "sys"=>"", "offset"=>73891897, "@version"=>"1", "preprod-api.example.com"=>"", "span-id"=>"", "comp_name"=>"", "source"=>"/var/log/api-01/api.log", "host"=>"preprod-api.example.com", "logger"=>"s.d.s.w.r.o.OperationResponseReader", "log_level"=>"DEBUG", "log_date"=>"2018-01-25 18:39:07.903", "msg_body"=>"Setting spring response class to:Map«string,object»", "prn"=>"", "file"=>"?", "trace-id"=>"", "beat"=>{"name"=>"preprod-api.example.com", "version"=>"6.1.0", "hostname"=>"preprod-api.example.com"}, "app"=>"", "comp_ver"=>"", "prospector"=>{"type"=>"log"}, "@timestamp"=>2018-01-25T15:39:08.627Z, "thread"=>"main"}}

The logstash.conf filter is:

filter {
  dissect {
    # %{+log_date} appends the time to the date captured by %{log_date}.
    # Each [%{?key}=%{&key}] pair captures a key name and stores the value under that name.
    mapping => {"message" => "%{log_date} %{+log_date} %{log_level} [%{thread}] %{logger} [%{file}] [%{?app}=%{&app}] [%{?host}=%{&host}] [%{?span-name}=%{&span-name}] [%{?trace-id}=%{&trace-id}] [%{?span-id}=%{&span-id}] [%{?sys}=%{&sys}] [%{?prn}=%{&prn}] [%{?comp_name}=%{&comp_name}] [%{?comp_ver}=%{&comp_ver}] [%{?client}=%{&client}] %{msg_body}"}
  }

  # Use the timestamp parsed from the log line as the event's @timestamp.
  date {
    match => [ "log_date", "yyyy-MM-dd HH:mm:ss.SSS" ]
    target => [ "@timestamp" ]
    remove_field => ["log_date"]
  }
}

(Евгений) #2

Not sure if exactly this thing helped, but I added this to "/etc/filebeat/filebeat.yml":

processors:
  - drop_fields:
      fields: ["beat.hostname", "beat.name", "beat.version", "prospector.type"]
