Grok Filter not being applied

Kevin_Liang · September 8, 2017, 8:09pm

message:
vspp_manager1_log 09/08/17 19:12:55.874 I SESSION 17126 @EGPHCAAAHLLOCLJF Session allocation request: streamer_id 192.168.96.211, initiator /, stb_id , s_mode STATIC, device profile

filter{
if [message] =~ "vspp_manager1_log" {
grok {
match => ["message", '%{NOTSPACE:role} %{DATE_US:timestamp_match} %{TIME:timematch} %{GREEDYDATA:message}']
overwrite => ["message"] }
date {
match => [ "timematch", "HH:mm:ss.SSS"]
target=> "@timestamp"
remove_field => ["timematch"]}}
}

The role and timestamp are not being created. Any ideas?

magnusbaeck · September 11, 2017, 3:47am

Please show an example event that Logstash has processed. Use a stdout { codec => rubydebug } output.

system · October 9, 2017, 3:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.