Grok filter

The grok filter is not working:

```
grok {
  match => {
    "message" => [
      "%{POSTFIX_MSG_ID:taskid}: client=(?<client_hostname>[^]]+)[%{IP:client_ip}]",
      "%{POSTFIX_MSG_ID:taskid}: message-id=<(?<message_id>[^>]+)>.",
      "%{POSTFIX_MSG_ID:taskid}: from=<(?<from_mail>[^>]+)>, size=%{INT:size}, nrcpt=%{INT:nrcpt}.",
      "%{POSTFIX_MSG_ID:taskid}: to=<(?<to_mail>[^>]+)>,.* relay=%{NOTSPACE:relay},.* status=%{NOTSPACE:status} ((?<status_msg>.+)).*",
      "%{POSTFIX_MSG_ID:taskid}: removed"
    ]
  }
}
```

The debugger returns "no match".
If I use just `%{POSTFIX_MSG_ID:taskid}: removed` in the debugger, it finds everything it should.

I don't think that this is a valid built-in grok pattern. If you have an example of the log message, then I can help you craft a pattern that will match.
