Elapsed plugin error


(Anmol Gupta) #1

I have a log file which looks like this:
2015-10-19 11:15:11 TRACE message start
2015-10-19 11:15:11 INFO booting complete!
2015-10-19 11:15:11 INFO booting complete!
2015-10-19 11:15:11 INFO booting complete!
2015-10-19 11:15:11 INFO booting complete!
2015-10-19 11:15:11 DEBUG duplicate class!
2015-10-19 11:15:11 ERROR NumberFormatException!
2015-10-19 11:15:11 DEBUG duplicate class!
2015-10-19 11:15:11 ERROR NumberFormatException!
2015-10-19 11:15:11 DEBUG duplicate class!
2015-10-19 11:15:11 ERROR NumberFormatException!
2015-10-19 11:15:11 DEBUG duplicate class!
2015-10-19 11:15:11 ERROR NumberFormatException!
2015-10-19 11:15:11 FATAL message end

And my config file is:
input {
  file {
    path => "C:\Users\egupanm\csv\log1.log"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => [ "message" , "%{TIMESTAMP_ISO8601:time_request}%{SPACE}[%{GREEDYDATA:level}]%{SPACE}%{WORD:threadid}%{SPACE}message start" ]
    add_tag => [ "transactionstarted" ]
  }
  grok {
    match => [ "message" , "%{TIMESTAMP_ISO8601:time_request}%{SPACE}[%{GREEDYDATA:level}]%{SPACE}%{WORD:threadid}%{SPACE}message end" ]
    add_tag => [ "transactionended" ]
  }

  elapsed {
    start_tag => "transactionstarted"
    end_tag => "transactionended"
    unique_id_field => "threadid"
  }
}
output {
  stdout {
    codec => rubydebug{}
  }
  elasticsearch {
    cluster => "elastic"
    action => "index"
    host => "localhost"
    index => "mmd"
  }
}

But I am getting _grokparsefailure.
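
How the posted start pattern behaves against the sample lines, as an added example that is not part of the original post: a small Python emulation of grok expansion. The `GROK` table is a simplified stand-in for the real grok definitions, and `FITTED` is a hypothetical pattern shaped like the sample lines, not a confirmed fix.

```python
import re

# Simplified stand-ins for the grok patterns used in the post (assumption:
# the real grok definitions are broader; these cover the sample lines only).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}",
    "SPACE": r"\s*",
    "GREEDYDATA": r".*",
    "WORD": r"\b\w+\b",
    "LOGLEVEL": r"TRACE|DEBUG|INFO|WARN|ERROR|FATAL",
}

def expand(pattern):
    """Turn %{NAME:field} / %{NAME} into a Python regex, leaving the rest as-is."""
    def repl(m):
        name, field = m.group(1), m.group(2)
        body = GROK[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", repl, pattern))

def grok(pattern, line):
    """Return captured fields, or None (where Logstash tags _grokparsefailure)."""
    m = expand(pattern).search(line)
    return m.groupdict() if m else None

# Start pattern exactly as posted: the unescaped [ ] become a regex character
# class, and a threadid word is required before "message start".
POSTED = ("%{TIMESTAMP_ISO8601:time_request}%{SPACE}[%{GREEDYDATA:level}]"
          "%{SPACE}%{WORD:threadid}%{SPACE}message start")
# Hypothetical pattern (assumption) matching the layout of the sample lines.
FITTED = "%{TIMESTAMP_ISO8601:time_request}%{SPACE}%{LOGLEVEL:level}%{SPACE}message start"

SAMPLE = [  # lines copied from the post
    "2015-10-19 11:15:11 TRACE message start",
    "2015-10-19 11:15:11 INFO booting complete!",
    "2015-10-19 11:15:11 FATAL message end",
]

def report():
    """Pair each sample line with the result of both patterns."""
    return [(line, grok(POSTED, line), grok(FITTED, line)) for line in SAMPLE]

if __name__ == "__main__":
    for line, posted, fitted in report():
        print(f"{line!r}\n  posted: {posted}\n  fitted: {fitted}")
```

The posted pattern matches none of the sample lines, and because its brackets are read as a character class, no `level` capture group exists in the compiled expression. The sample lines also carry no token that could populate `threadid`, the field named in `unique_id_field`.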

