I'm having issues sending syslog to logstash using filebeat, when logstash received the entry it produces a _grokparsefailure. However if I send directly to ES everything works fine.
My logstash config is http://pastebin.com/si3vPDcE and it includes an example log line that was sent by my beats prospector. I've tested the message against the grok pattern at https://grokdebug.herokuapp.com and everything seems to be good.
Any help would be appreciated.
Thanks.
jwh
mentioning:
@andrewkroh