Okay. You have a single grok filter with multiple expressions. With the default true value of break_on_match, grok will stop once it gets a match. You need to disable that or split your multi-expression grok filter into two separate filters.
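The two fixes suggested above, shown as an added example that is not part of the original reply or the poster's configuration. The sample log line, the patterns and the field names `user`, `src_ip` and `src_port` are constructed for illustration.

```logstash
# Constructed sample event:
#   Failed password for invalid user admin from 203.0.113.7 port 52314 ssh2
#
# Use ONE of the two options below, not both.

# Option A: keep a single grok filter, but try every expression.
filter {
  grok {
    match => {
      "message" => [
        "Failed password for (?:invalid user )?%{USERNAME:user} from %{IP:src_ip}",
        "port %{INT:src_port}"
      ]
    }
    # Default is true: grok stops at the first expression that matches,
    # so src_port would never be extracted from the sample event.
    break_on_match => false
  }
}

# Option B: split the expressions into two separate grok filters.
# Each filter runs independently, so both sets of fields are extracted.
filter {
  grok {
    match => {
      "message" => "Failed password for (?:invalid user )?%{USERNAME:user} from %{IP:src_ip}"
    }
  }
  grok {
    match => { "message" => "port %{INT:src_port}" }
    # A line without a port would otherwise be tagged _grokparsefailure
    # by this second filter even though the first one matched.
    tag_on_failure => []
  }
}
```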