Hi,
For a requirement I created a grok pattern to parse the log contents. When I run Logstash it matches the first occurrence of the pattern and displays the output. If I copy-paste the log that matches the pattern once again, it does not parse the line and also does not display any output. It is a multiline grok pattern.
Steps:
- Run Logstash.
- Make an entry in the log file with the lines that match the pattern.
- The Logstash console displays the output.
- Copy-paste the same lines into the log file with minor changes, such as changing the date value, and save the file.
- View the Logstash console: nothing displays.
Note: If I copy-paste the matching pattern lines, or if I put in a log entry of a different format and paste the matching pattern lines again, nothing happens. If I press CTRL+C it displays all output as grokfailure.
Could anyone guide me on what I am missing and offer any suggestions? Below are my grok pattern and a sample log line.
input {
  file {
    path => "C:/Users/1584674/Downloads/logstash-tutorial/logstash-tutorial-dataset.log"
    start_position => "beginning"
    ignore_older => 0
    sincedb_path => "nil"
    type => "javaStackTrace"
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => previous
    }
  }
}
pattern:
"message"=>"%{TIMESTAMP_ISO8601:timestamp} %{SPACE}[%{LOGLEVEL:loglevel}]%{SPACE}[%{DATA:thread}] %{SPACE}%{JAVACLASS:exceptiontypeclass} - %{DATA:logmessage}\n%{GREEDYDATA:Exception}%{SPACE}(?m)%{JAVASTACKTRACEPART}"
Sample log (Matching):
2019-01-09 15:00:05.800 [ERROR] [http-nio-9096-exec-1] com.mcs.exapmle.exception.GlobalExceptionFacade - Application encountered as unexpected error
java.lang.NullPointerException: null
at com.mcs.exapmle.service.impl.DashboardOverviewServiceImpl.mcstBusinessSpend(DashboardOverviewServiceImpl.java:2149) ~[bin/:?]
Non-matching:
2019-01-09 15:00:03.724 [INFO ] [pool-3-thread-4] com.mcs.exapmle.service.impl.CallableDashboard - Query to retrieve Discount participation
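
The buffering behaviour of the multiline settings shown in the post (`negate => true`, `what => previous`), as an added Python model that is not part of the original post and is not Logstash code. The class, function and regex names are hypothetical, the timestamp regex is narrowed to the sample log's layout, and `SHAPE` is a simplified stand-in for the header-plus-stack-trace shape, not the grok expression itself.

```python
import re

# Start-of-event test standing in for "^%{TIMESTAMP_ISO8601}", narrowed to
# the timestamp layout of the sample log (assumption).
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}")
# Simplified stand-in for header + newline + trace; not the grok expression.
SHAPE = re.compile(r"^\S+ \S+ +\[(\w+) *\] +\[(.*?)\] +(\S+) - (.*?)\n(.+)", re.S)

class MultilineBuffer:
    """Hypothetical model of negate => true, what => previous: a line that
    does not start with a timestamp is appended to the event in progress."""
    def __init__(self):
        self.pending = []

    def feed(self, line):
        """Return the finished event when `line` starts a new one, else None."""
        done = None
        if TS.match(line) and self.pending:
            done, self.pending = "\n".join(self.pending), []
        self.pending.append(line)
        return done

    def flush(self):
        """Emit whatever is still buffered (shutdown or an idle timeout)."""
        done, self.pending = ("\n".join(self.pending) or None), []
        return done

# Constructed input: the two sample entries from the post.
ERROR_ENTRY = [
    "2019-01-09 15:00:05.800 [ERROR] [http-nio-9096-exec-1] com.mcs.exapmle.exception.GlobalExceptionFacade - Application encountered as unexpected error",
    "java.lang.NullPointerException: null",
    "at com.mcs.exapmle.service.impl.DashboardOverviewServiceImpl.mcstBusinessSpend(DashboardOverviewServiceImpl.java:2149) ~[bin/:?]",
]
INFO_LINE = "2019-01-09 15:00:03.724 [INFO ] [pool-3-thread-4] com.mcs.exapmle.service.impl.CallableDashboard - Query to retrieve Discount participation"

def replay(lines):
    """Feed lines in file order; return (events emitted, event left in buffer)."""
    buf = MultilineBuffer()
    emitted = [e for e in (buf.feed(l) for l in lines) if e is not None]
    return emitted, buf.flush()

if __name__ == "__main__":
    emitted, held = replay(ERROR_ENTRY + [INFO_LINE] + ERROR_ENTRY)
    for event in emitted:
        print("emitted, shape match:", bool(SHAPE.match(event)))
    print("held until the next timestamp line or a flush:", held is not None)
```

In Logstash, the multiline codec's `auto_flush_interval` option sets the idle timeout that `flush()` models here.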