Dissect errors post upgrade


Post upgrade to 6.5.4 from 6.3.2, we are seeing a lot of warnings in the dissect filter.

We are handling these using multiple dissects in conditionals, but the warning messages are often distracting in the log file and I am afraid we are missing out errors or other warnings. Any suggestions on handling these errors or warnings?

[2019-01-06T20:06:27,990][WARN ][org.logstash.dissect.Dissector] Dissector mapping, pattern not found {"field"=>"message", "pattern"=>"%{date} %{time} %{} %{[device][hostname]} %{[device][ip]} %{[web][method]} %{[web][uristem]} %{[web][uri]} %{[src][port]} %{[src][user]} %{[src][ip]} %{[web][version]} %{[web][useragent]} %{[web][cookie]} %{[web][referer]} %{[src][hostname]} %{[web][response_code]} %{} %{[web][win32status]} %{[web][bytes_sent]} %{[web][bytes_received]} %{[web][ttl]}", "event"=>{"@version"=>"1", "tags"=>["webserver", "unparsed", "_dissectfailure"], "@timestamp"=>2019-01-06T14:36:19.904Z, "offset"=>1195988, "beat"=>{"name"=>"FileBeat - 72", "version"=>"6.3.2", "hostname"=>"SIDCBEATS02"}, "prospector"=>{"type"=>"log"}, "input"=>{"type"=>"log"}, "source"=>"data.201901031234500000.1546519203.702473.log", "message"=>"2018-10-31 01:10:43 w3svc1 awds02 post /deviceservices/securechannel.aws/v2 - 443 - http/1.1 agent/ - awds.well.com 200 0 0 234 3064 218"}}


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.