Hi
I have problem with my grok filter.
When i adding new pattern in MATCH section ~ 80% message lost.
I check my filter in grok debugger - it's fine
How i can debug (step by step) my filter?
Can i see how grok work with every message?
I want create synthetic test, for 1000 message, and put out logs to file.
Maybe you recomend somthig else.
p.s. if my investigationv will f*ckup i demonstrate my filter for you)))
You can send the output to stdout.
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-stdout.html
You can tag all documents which dont match your grok filter and improve your expression step-by-step.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html#plugins-filters-grok-tag_on_failure
You can take some of your 1000 documents and put it into
https://regexr.com together with your expression.
You could post your GROK Expression with some samples here to get more feedback.
Thank you! Tomorrow, i will test filter and reply!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.