Grok filter not working to capture filename

Deepthi_V · June 28, 2017, 9:53pm

Hello,

I have a grok filter that looks like below, which I wrote to capture only the filename from the "path" field.

grok {
match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:filename}.log" }
add_field => { "file" => "%{filename}" }
#tag_on_failure => []
}

But when I run the file, I am getting a _grokparsefailure in the tags and the filename is not getting captured. Can anybody please help me out here as to what mistake I am doing here?

Thanks,
Deepthi

magnusbaeck · June 29, 2017, 5:17am

Please show an example event that Logstash has processed. Use a stdout { codec => rubydebug } output.

system · July 27, 2017, 5:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok filter not parsing path Logstash	3	562	October 12, 2020
Extracting filename from log.file.path not working Logstash	9	11376	April 2, 2020
Matching log.file.path with Grok Logstash	2	1858	July 1, 2020
Couldn't extract filename from "source" field Logstash	3	1443	July 6, 2017
I want to add a field with filename Logstash	8	3073	February 21, 2018

Grok filter not working to capture filename

Related topics