I want to import a log file using Data Visualizer. The first few lines are as follows:
Aug 4 12:05:25 gavin daemon.notice openvpn[843]: TCP/UDP: Closing socket
Aug 4 12:05:25 gavin daemon.notice openvpn[843]: SIGUSR1[soft,connection-reset] received, process restarting
Aug 4 12:05:25 gavin daemon.notice openvpn[843]: Restart pause, 5 second(s)
The initial load fails to recognise the structure, so I tried the override settings with Grok of
%{CISCOTIMESTAMP:timestamp}%{GREEDYDATA:myText}
basically just to get a date and the rest of the message.
Unfortunately, it won't pick up the Time Field in the later dropdown or determine the file structure thereafter. It will identify the fields in the Dev Tools > Grok debugger.
Hi Aaron,
I'm trying to load from Data Visualizer > Visualize data from a log file, so no mappings are defined yet. I still get the "x File structure cannot be determined" even after providing the Grok. From the "Apply override settings" control box I can't get it to pick up that the Grok declares a field to use as timestamp.
Ahh. By structure I think it's talking about the structure of the file. I think you fall under the last category but I would ensure the file is structured properly.
Delimited text files, such as CSV and TSV
Newline-delimited JSON
Log files with a common format for the timestamp
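One way to check offline that every line of a file starts with a parseable timestamp before uploading it, added here as an example and not part of the thread or of Elastic's code. The regex is an approximation of the Grok override quoted above, and `check_lines`, `assumed_year` and the last two sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime

# Approximate regex form of %{CISCOTIMESTAMP:timestamp}%{GREEDYDATA:myText}:
# abbreviated month, day of month, optional year, HH:MM:SS, then the rest.
LINE_RE = re.compile(
    r"^(?P<timestamp>(?P<mon>Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" +(?P<day>\d{1,2})(?: (?P<year>\d{4}))? (?P<time>\d{2}:\d{2}:\d{2}))"
    r"(?P<myText>.*)$"
)

# Constructed sample: the three lines quoted in the thread, plus two made-up
# lines (a continuation line and an impossible date) to show rejections.
SAMPLE = """\
Aug 4 12:05:25 gavin daemon.notice openvpn[843]: TCP/UDP: Closing socket
Aug 4 12:05:25 gavin daemon.notice openvpn[843]: SIGUSR1[soft,connection-reset] received, process restarting
Aug 4 12:05:25 gavin daemon.notice openvpn[843]: Restart pause, 5 second(s)
    constructed continuation line with no timestamp
Feb 31 12:05:25 gavin daemon.notice openvpn[843]: constructed bad date
"""


def check_lines(text, assumed_year=2020):
    """Return (parsed, rejects): parsed rows and 1-based numbers of bad lines.

    assumed_year is a hypothetical default: these lines carry no year.
    """
    parsed, rejects = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m is None:
            rejects.append(lineno)          # no leading timestamp at all
            continue
        year = m.group("year") or assumed_year
        stamp = f"{year} {m.group('mon')} {m.group('day')} {m.group('time')}"
        try:
            when = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        except ValueError:
            rejects.append(lineno)          # matched the shape, not a real date
            continue
        parsed.append({"timestamp": when, "myText": m.group("myText")})
    return parsed, rejects


if __name__ == "__main__":
    rows, bad = check_lines(SAMPLE)
    print(f"{len(rows)} lines parsed, rejected line numbers: {bad}")
    for row in rows:
        print(row["timestamp"].isoformat(), repr(row["myText"]))
```

Because the pattern places no separator between the two captures, `myText` begins with the space that follows the time.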