I'm parsing an Execution log and trying to assign different types based on which type of log entry a given line is. Facing Error while execution. not sure what is the issue in filter, can anyone help me on this
filter {
grok {
break_on_match => false
match => {"message" => "[%{TIMESTAMP_ISO8601:rundeck_ex_timestamp}] %{USERNAME:rundeck_ex_user} %{WORD:rundeck_ex_action} [%{NUMBER:rundeck_ex_id:int}:%{WORD:rundeck_ex_return}] %{DATA:rundeck_ex_project} %{USERNAME:rundeck_ex_user}/- \"%{DATA:rundeck_ex_jobname}\"[%{DATA:rundeck_ex_jobid}]"}
match => {"message" => "[%{TIMESTAMP_ISO8601:rundeck_ex_timestamp}] %{USERNAME:rundeck_ex_user} %{WORD:rundeck_ex_action} [%{NUMBER:rundeck_ex_id:int}:%{WORD:rundeck_ex_return}] %{DATA:rundeck_ex_project} %{USERNAME:rundeck_ex_user}/- "%{DATA:rundeck_ex_jobname}"[%{DATA:rundeck_ex_jobid}]"}
remove_field => [ "message" ]
}
if "_grokparsefailure" in [tags] {
drop {}
}
}
Failed to execute action {:id=>:Rundeck, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Expected one of #, {, } at line 12, column 253 (byte 700) after filter {\r\n grok {\r\n break_on_match => false\r\n match => {"message" => "\[%{TIMESTAMP_ISO8601:rundeck_ex_timestamp}\] %{USERNAME:rundeck_ex_user} %{WORD:rundeck_ex_action} \[%{NUMBER:rundeck_ex_id:int}:%{WORD:rundeck_ex_return}\] %{DATA:rundeck_ex_project} %{USERNAME:rundeck_ex_user}/- \\"%{DATA:rundeck_ex_jobname}\\"\[%{DATA:rundeck_ex_jobid}\]"}\r\n match => {"message" => "\[%{TIMESTAMP_ISO8601:rundeck_ex_timestamp}\] %{USERNAME:rundeck_ex_user} %{WORD:rundeck_ex_action} \[%{NUMBER:rundeck_ex_id:int}:%{WORD:rundeck_ex_return}\] %{DATA:rundeck_ex_project} %{USERNAME:rundeck_ex_user}/- "", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:42:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:50:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:12:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in compile_sources'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:51:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/reload.rb:34:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:335:inblock in converge_state'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in with_pipelines'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:332:inblock in converge_state'", "org/jruby/RubyArray.java:1734:in each'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:319:inconverge_state'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:166:in block in converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:inwith_pipelines'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:164:in converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:105:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/interval.rb:18:in interval'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:94:inexecute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:343:in block in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:inblock in initialize'"]}