Grok parse failure for django logs

This is 1 of my log entries,

INFO 2017-05-16 17:24:11,690 views 14463 139643033982720 https://play.google.com/store/apps/details?id=com.VoDrive&referrer=referral_code%3DP5E

This is my pattern ,

DJANGOTIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}

DJANGOLOG %{LOGLEVEL:loglevel} %{DJANGOTIMESTAMP:timestamp},{INT:pid} %{WORD:origin} %{INT:id} %{INT:number} %{GREEDYDATA:action}

This is my logstash conf file,

    if[type] == "django" {
        grok {
         patterns_dir => ["/opt/logstash/patterns/"]
         match => [ "message" , "%{DJANGOLOG}" ]
        overwrite => [ "message" ]
        }
    }

But still this parser fails, what is wrong here ?

What am I lacking ? @magnusbaeck help ?

A quick glance says your timestamp is not correct, it's missing milliseconds.

Please don't do that. Magnus volunteers his time here and you wanting an answer doesn't mean you can just summon him as desired.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.