My input file is:
file {
  path => ["/home/11thone/caselog/logmonster///IPDU*/GtpSnapshot*.log",
           "/home/11thone/caselog/logmonster///IPDU*/mmeDiameter*.log",
           "/home/11thone/caselog/logmonster///IPDU*/s1snapshot*.log"]
  type => "ipdu"
  discover_interval => 15
  start_position => "beginning"
  sincedb_path => "/home/11thone/elk/logstash/sincedbpath/fnsipdu.txt"
  sincedb_write_interval => 15
}
My filter file is as follows:
filter {
  dissect {
    mapping => {"message" => "%{LogDate} - %{CaseName} - %{MMEName} - %{Release} - %{UnitName} - %{MessageType} - %{MessageName}:%{Count}"}
  }
}
My output is:
output {
  stdout { codec => rubydebug }
}
And my data file has only two lines:
2019-05-02 09:25:53 - CAS-32456-K7H8 - MME - NS17.5 - IPDU-0 - S1ap message statistics - Third and Above Level Pagings Sent:0
And the execution result is:
[2019-02-07T01:01:00,014][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-02-07T01:01:16,064][WARN ][org.logstash.dissect.Dissector] Dissector mapping, field not found in event {"field"=>"message", "event"=>{"@timestamp"=>2019-02-06T17:01:00.057Z, "type"=>"ipdu"}}
[2019-02-07T01:01:16,067][WARN ][org.logstash.dissect.Dissector] Dissector mapping, field not found in event {"field"=>"message", "event"=>{"@timestamp"=>2019-02-06T17:01:00.121Z, "type"=>"ipdu"}}
/home/11thone/elk/logstash/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"@timestamp" => 2019-02-06T17:01:00.057Z,
"type" => "ipdu"
}
{
"@timestamp" => 2019-02-06T17:01:00.121Z,
"type" => "ipdu"
}
I cannot find any error related to "Dissector mapping, field not found in event". Is it a bug?
Has anyone else faced this issue as well?