Don´t see any filtered events in kibana

golauty · February 3, 2016, 9:53am

Hi,

i have a very weird problem. I am sending all my jenkins logs via redis to logstash.
Now every single event that has a grokparsing failure is shown in kibana and the events that i am usually tracking and evalute don´t appear at all. So every grok filtered message just vanishes. There is no log entry in logstash or elasticsearch that i can connect to this problem.

I have follwoing message in elasticsearch:
[DEBUG][action.admin.indices.stats] [Sentry] [indices:monitor/stats] failed to execute operation for shard [[logstash-2016.01.20][4], node[HXKvmdxSTXWvFwPnP-Swdg], [P], v[5], s[INITIALIZING], a[id=uhxHv7TrRpaUpiJb7VcNuA], unassigned_info[[reason=CLUSTER_RECOVERED]

Last week the hole setup run smoothly with no problem.

Does somebody have a clue what could be happened?

golauty · February 5, 2016, 12:11pm

I found the filter that is causing my problem:

date 
 {
     match => ["incidentTime", "YYYY-MM-DD HH:mm:ss,SSS", "ISO8601"]
      target => "@timestamp"
  }

When i have that filter after my grok filter, my events are not shown in kibana.
If i remove the date filter everthing goes back to normal. Has somebody a clue what that can be?