Hi everyone,
I have ELK locally. I am trying to send my mini log to Elasticsearch.
My pattern is:
```
2020-11-30 05:52:33,018 [9344] INFO Dile.ServiceProvider.ServiceThread [] - Thread [Core[3u43s3-c403-4fe4-ab87-9bea0c0ab449]:0]: idle check on every 25000ms
```
My Logstash conf is:
```
input {
  file {
    path => "/opt/log/ICU/*"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  grok {
    match => {"message" => "%{GREEDYDATA:logdate} \[%{INT:deger}\] %{LOGLEVEL:loglevel}\s+(?<svctype>%{WORD}.%{WORD}.%{WORD}) \[\] - %{GREEDYDATA:message}"
    }
  }
  date {
    match => ["logdate", "YYYY-MM-DD HH:mm:ss,SSS", "YYYY/MM/DD HH:mm:ss,SSS", "ISO8601"]
    remove_field => [ "timestamp" ]
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "icu"
  }
}
```
After starting the Logstash service, it creates the **icu** index, but it only contains my error lines (`_grokparsefailure`).
What is my problem, and where are my non-problematic records? I cannot see them.
Thanks.