The Elasticsearch ingest pipeline for the postgresql module doesn't appear to parse PostgreSQL 10 logs. This is with filebeat-7.15.0 and associated ingest pipelines under elasticsearch-7.14.1.
We're using PostgreSQL 10. The following log entry:
2021-10-25 10:38:30.009 CDT [15176] postgres_user postgres PerMin:server001Test001 10.121.192.106(50637) LOG: AUDIT: SESSION,1950,1,MISC,UNKNOWN,VIEW,public.pg_stat_statements,"select query, sum(calls) as calls, cast(sum(total_time * 1000) as bigint) as total_time, sum(rows) as rows, sum(shared_blks_hit) as shared_blks_hit, sum(shared_blks_read) as shared_blks_read, sum(shared_blks_written) as shared_blks_written from pg_stat_statements group by query, dbid",<none>
generates the following error:
Provided Grok expressions do not match field value: [[15176] postgres_user postgres PerMin:server001Test001 10.121.192.106(50637) LOG: AUDIT: SESSION,1950,1,MISC,UNKNOWN,VIEW,public.pg_stat_statements,\"select query, sum(calls) as calls, cast(sum(total_time * 1000) as bigint) as total_time, sum(rows) as rows, sum(shared_blks_hit) as shared_blks_hit, sum(shared_blks_read) as shared_blks_read, sum(shared_blks_written) as shared_blks_written from pg_stat_statements group by query, dbid\",<none>]
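An added example, not part of the original post and not Filebeat's own pipeline: a Python parser for the line format shown above, useful for checking which fields a custom pattern has to capture. The prefix layout (timestamp, timezone, [pid], user, database, application name, client host(port)) is an assumption inferred from the sample line, the audit record is split using pgAudit's documented field order, and all field names are hypothetical.

```python
import csv
import re

# Constructed from the sample line in the post; the statement text is shortened.
SAMPLE = ('2021-10-25 10:38:30.009 CDT [15176] postgres_user postgres '
          'PerMin:server001Test001 10.121.192.106(50637) LOG: AUDIT: '
          'SESSION,1950,1,MISC,UNKNOWN,VIEW,public.pg_stat_statements,'
          '"select query, sum(calls) as calls from pg_stat_statements '
          'group by query, dbid",<none>')

# Assumed prefix layout; application names containing spaces are not handled.
PREFIX = re.compile(
    r'^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<tz>\S+) '
    r'\[(?P<pid>\d+)\] (?P<user>\S+) (?P<database>\S+) (?P<application>\S+) '
    r'(?P<client_ip>[0-9a-fA-F.:]+)\((?P<client_port>\d+)\) '
    r'(?P<level>[A-Z0-9]+):\s+(?P<message>.*)$',
    re.DOTALL)

# pgAudit writes the audit record as CSV in this order.
AUDIT_FIELDS = ('audit_type', 'statement_id', 'substatement_id', 'class',
                'command', 'object_type', 'object_name', 'statement',
                'parameter')
AUDIT_MARKER = 'AUDIT: '


def parse_line(line):
    """Return a dict of prefix fields (plus 'audit' when present), or None."""
    match = PREFIX.match(line)
    if match is None:
        return None  # line does not follow the assumed prefix layout
    event = match.groupdict()
    message = event['message']
    if message.startswith(AUDIT_MARKER):
        # The csv module handles the quoted statement, which contains commas.
        row = next(csv.reader([message[len(AUDIT_MARKER):]]))
        if len(row) == len(AUDIT_FIELDS):
            event['audit'] = dict(zip(AUDIT_FIELDS, row))
    return event


if __name__ == '__main__':
    parsed = parse_line(SAMPLE)
    for key, value in parsed.items():
        print(f'{key}: {value}')
```
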