Grok filter not parsing path

Renato · September 11, 2020, 1:26pm

Hello,

i would like to retrieve only the name of my log file, but my grok filter doesn't work. When i put it in grok debugger it works without any problems, also logstash doesn't report any error, i just get tag grokparsefailure .

filter {
    grok {
#       break_on_match => false
#       match => { "message" => "%{SYSLOG5424SD:logtimestamp} %{GREEDYDATA:errorlog}" }
        match => { "path" => "%{URIPATH}/channel-%{WORD:channel}.log" }

    }
  }

My path is (copied from elasticsearch):
log.file.path /var/logs/channel-SMTH.log

I want my result to be only:
{
"channel": "SMTH"
}

Anyone have any idea what i did wrong?

Badger · September 11, 2020, 1:41pm

You would need to do the match to "[log][file][path]", not just "path".

Renato · September 14, 2020, 7:39am

Thank you, it works now.

system · October 12, 2020, 7:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok filter not working to capture filename Logstash	2	1796	July 27, 2017
My grok fikter dont work Logstash	7	366	August 10, 2018
Grok filter log Logstash	8	467	July 4, 2018
Grok issues Logstash	6	319	January 20, 2020
Extract path in logstash Logstash	3	366	June 1, 2020

Grok filter not parsing path

Related topics