Dissector mapping, pattern not found (Jfrog artifactory service logs)

Hello all,

I am having a hard time parsing the JFrog's artifactory-service log with "dissect".
Even after few searches here, I still couldn't figure out what went wrong... Hope that someone could be kind enough to take a look at my filter and point out what I might be missing?

Sample log message:

2021-03-03T23:10:26.645Z [jfrt ] [WARN ] [38d999999] [o.a.s.TaskCallback:205        ] [art-exec-135791    ] - After execute: Could not locate reactive task with token artifactory.ArtifactCleanupJob#4eaaaaaa-b555-4fff-5555-dd2a22222222

And below is my dissect filter:

    dissect {
      mapping => {
        "message" => "%{datetime} [%{arty_thread_name->}] [%{loglevel->}] [%{?someid->}] [%{arty_event_type->}] [%{?otherid->}] – %{long_msg}"

Error message I've been getting:

[[main]>worker0] Dissector - Dissector mapping, pattern not found

I will keep trying different pattern and post my update here if I can figure it out before someone answered this thread :slight_smile:

Also, any good resource for parsing JFrog's artifactory-access/request/service logs are greatly appreciated.

Thank you all in advance!

I gave up on the Dissect, and switched to Grok, this syntax works

    grok {
      match => {
        "message" => "^%{TIMESTAMP_ISO8601:arty_time} \[%{DATA:arty_thread_name}\] \[%{DATA:loglevel}\] \[%{DATA:someID}\] \[%{DATA:arty_event_type}\] \[%{DATA:otherid}\] \- %{GREEDYDATA:syslog_msg}$"
      }
    }

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.