Don´t see any filtered events in kibana

golauty · February 3, 2016, 9:53am

Hi,

i have a very weird problem. I am sending all my jenkins logs via redis to logstash.
Now every single event that has a grokparsing failure is shown in kibana and the events that i am usually tracking and evalute don´t appear at all. So every grok filtered message just vanishes. There is no log entry in logstash or elasticsearch that i can connect to this problem.

I have follwoing message in elasticsearch:
[DEBUG][action.admin.indices.stats] [Sentry] [indices:monitor/stats] failed to execute operation for shard [[logstash-2016.01.20][4], node[HXKvmdxSTXWvFwPnP-Swdg], [P], v[5], s[INITIALIZING], a[id=uhxHv7TrRpaUpiJb7VcNuA], unassigned_info[[reason=CLUSTER_RECOVERED]

Last week the hole setup run smoothly with no problem.

Does somebody have a clue what could be happened?

golauty · February 5, 2016, 12:11pm

I found the filter that is causing my problem:

date 
 {
     match => ["incidentTime", "YYYY-MM-DD HH:mm:ss,SSS", "ISO8601"]
      target => "@timestamp"
  }

When i have that filter after my grok filter, my events are not shown in kibana.
If i remove the date filter everthing goes back to normal. Has somebody a clue what that can be?

Topic		Replies	Views
Kibana not showing dictionary output of log events Kibana	13	1443	February 26, 2019
Why is this logstah filter not working as intended? Logstash	2	290	September 13, 2020
Event not displayed in Kibana, displayed in stdout Logstash	1	701	November 10, 2017
Logstash showing only parse failures from log Logstash	5	431	July 6, 2017
Logs not being sent if multiple fields in grok pattern Logstash	2	169	March 7, 2024

Don´t see any filtered events in kibana

Related topics