Grok filter not working (but ok in herokuapp). It even prints nothing in the output

Hey,

I have seen that multiple people have had my problem, but I can't seem to find what I did wrong. Can someone explain to me why this doesn't work?

Log example:

Jun 2 00:00:00 192.168.14.4 date=2016-06-01 time=23:56:05 devname=POPB-FW-01 devid=FG1K2D3I14800220 logid=1059028704 type=utm subtype=app-ctrl eventtype=app-ctrl-all level=information vd="root" appid=40568 user="" srcip=10.20.4.35 srcport=52438 srcintf="VRF-PUBLIC" dstip=125.209.230.238 dstport=443 dstintf="OUT" proto=6 service="HTTPS" sessionid=424666004 applist="Monitor-all" appcat="Web.Others" app="HTTPS.BROWSER" action=pass hostname="lcs.naver.com" url="/" msg="Web.Others: HTTPS.BROWSER," apprisk=medium

Logstash code:

input {
    file {
        path => "C:/Users/huhu/Documents/Arena/temp.txt"
        start_position => "beginning"
    }
}

filter {
    grok {
        match => {
            "message" => "%{SYSLOGTIMESTAMP:timestamp}"
        }
    }
}

output {
    stdout { codec => rubydebug }
}

Thanks in advance
