Grok filter not working to capture filename

Deepthi_V · June 28, 2017, 9:53pm

Hello,

I have a grok filter that looks like below, which I wrote to capture only the filename from the "path" field.

grok {
match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:filename}.log" }
add_field => { "file" => "%{filename}" }
#tag_on_failure => []
}

But when I run the file, I am getting a _grokparsefailure in the tags and the filename is not getting captured. Can anybody please help me out here as to what mistake I am doing here?

Thanks,
Deepthi

magnusbaeck · June 29, 2017, 5:17am

Please show an example event that Logstash has processed. Use a stdout { codec => rubydebug } output.

system · July 27, 2017, 5:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.