Dissect message playground

Hi community,

I searched some playground for dissecting a log message but I was unable to find it, and so I always receive dissect error.

The filebeat configuration is:

filebeat.inputs:
  - type: log
    paths:
      - /home/auto/instroot/*.log
    tail_files: true
    recursive_glob.enabled: true
#    processors:
#      - dissect:
#          tokenizer: '%{service.date} %{service.time} - %{service.level}  [%{service.id}] (%{service.class}) - %{service.message}'
#          field: "message"

output.kafka:
  # initial brokers for reading cluster metadata
  hosts: ${KAFKA_CLUSTER}

  # message topic selection + partitioning
  topic: 'mytopic'
  partition.round_robin:
    reachable_only: false

  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000

The message example is:

2021-03-24 12:43:00,632 - WARN  [qtp300128885-10294] (TreeLockImpl) - Received a return request for token TreeLock, but it is not outstanding

I found this site for testing dissect patterns:

https://dissect-tester.jorgelbg.me/

the pattern seems to work

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.