Grok filter not parsing path

Renato · September 11, 2020, 1:26pm

Hello,

i would like to retrieve only the name of my log file, but my grok filter doesn't work. When i put it in grok debugger it works without any problems, also logstash doesn't report any error, i just get tag grokparsefailure .

filter {
    grok {
#       break_on_match => false
#       match => { "message" => "%{SYSLOG5424SD:logtimestamp} %{GREEDYDATA:errorlog}" }
        match => { "path" => "%{URIPATH}/channel-%{WORD:channel}.log" }

    }
  }

My path is (copied from elasticsearch):
log.file.path /var/logs/channel-SMTH.log

I want my result to be only:
{
"channel": "SMTH"
}

Anyone have any idea what i did wrong?

Badger · September 11, 2020, 1:41pm

You would need to do the match to "[log][file][path]", not just "path".

Renato · September 14, 2020, 7:39am

Thank you, it works now.

system · October 12, 2020, 7:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Matching log.file.path with Grok Logstash	2	1846	July 1, 2020
Grok parse failures Logstash	4	286	December 29, 2020
Extract path in logstash Logstash	3	366	June 1, 2020
Grokparse failure even grok debugger fine Logstash	9	228	September 1, 2023
Multiline grok filter not working with specific log Logstash	3	250	April 4, 2022

Grok filter not parsing path

Related Topics