Dissect_parsing_error for Apache Tomcat Integration

Hello everyone,

I'm running a 3-node Elasticsearch cluster with ES version 8.3.3.
Elastic Agent is running with the same version on Ubuntu 18.04.6 and trying to collect logs from Apache Tomcat 8.5.24 by reading the catalina.out file.
When I look at the ingested data I have standard metadata (with host OS information, AWS AMI information, etc.) and the log.flags field contains dissect_parsing_error for each and every line of log.
When I try to filter out dissect_parsing_error I get 0 results.

The log file is something like this:

2022-09-25 06:45:41.259 DEBUG 14556 --- [o-8443-exec-113] c.a.d.p.security.UserDetailsServiceImpl  : Method-[UserDetails com.foo.barpoi.security.UserDetailsServiceImpl.loadUserByUsername(String)] Input-[baz]
2022-09-25 06:51:39.949 DEBUG 14556 --- [o-8443-exec-120] c.a.d.p.w.resources.PoiReleaseResources  : Method-[PoiReleaseDTO com.foo.bar.poi.web.resources.PoiReleaseResources.getLocalizationRelease(String,String,Principal)] Input-[baz, null, org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9439fff1: Principal: taz Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: laz; SessionId: null; Granted Authorities: ROLE_API_USER]

Could it be due to some different formatting than what the grok pattern would expect?

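To show why a format mismatch produces dissect_parsing_error, here is an added example (not part of the post and not the Tomcat integration's code): a minimal re-implementation of dissect's delimiter semantics, run against a constructed line in the Spring Boot layout quoted above and against a constructed classic catalina.out line. The catalina-style pattern is an assumption for contrast, not the integration's real pattern.

```python
import re

# Constructed sample lines: the first follows the Spring Boot layout quoted in
# the post, the second a classic catalina.out layout (assumed, for contrast).
SPRING_LINE = ("2022-09-25 06:45:41.259 DEBUG 14556 --- [o-8443-exec-113] "
               "c.a.d.p.security.UserDetailsServiceImpl  : Method-[UserDetails "
               "com.foo.barpoi.security.UserDetailsServiceImpl.loadUserByUsername(String)] Input-[baz]")
CATALINA_LINE = ("25-Sep-2022 06:45:41.259 INFO [main] "
                 "org.apache.catalina.startup.Catalina.start Server startup in 1234 ms")

# Dissect-style patterns: %{key} fields separated by literal delimiters.
SPRING_PATTERN = "%{date} %{time} %{level} %{pid} --- [%{thread}] %{logger} : %{message}"
# Assumed catalina-style pattern; NOT the Tomcat integration's actual pattern.
CATALINA_PATTERN = "%{date} %{time} %{level} [%{thread}] %{logger} %{message}"


def dissect(pattern, line):
    """Minimal dissect tokenizer: each %{key} consumes text up to the next
    literal delimiter. Returns a dict, or None when a delimiter is missing,
    which is the condition that puts dissect_parsing_error into log.flags."""
    parts = re.split(r"%\{([^}]*)\}", pattern)   # [lit0, key1, lit1, key2, ...]
    if not line.startswith(parts[0]):
        return None
    pos = len(parts[0])
    fields = {}
    keys, delims = parts[1::2], parts[2::2]
    for key, delim in zip(keys, delims):
        if delim == "":                 # last field takes the remainder
            fields[key] = line[pos:]
            pos = len(line)
            continue
        idx = line.find(delim, pos)
        if idx < 0:                     # delimiter not found: parse failure
            return None
        fields[key] = line[pos:idx]
        pos = idx + len(delim)
    return fields


def parse_spring(line):
    """Parse with the pattern that matches the post's layout; strips the
    column padding Spring Boot inserts before ' : '."""
    fields = dissect(SPRING_PATTERN, line)
    if fields is not None:
        fields["logger"] = fields["logger"].strip()
    return fields
```

Running the Spring pattern over the catalina-style line returns None (the " --- [" delimiter never appears), while the catalina-style pattern over the Spring line "succeeds" with level set to "DEBUG 14556 ---", so a wrong layout can fail loudly or silently mis-assign fields.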