Grok parsing syslog error

DanielE · August 2, 2018, 11:45am

i removed the grok pattern in the filter conf. Now i only have a small grok in the input conf

input {
  syslog {
      port => 5000
      syslog_field => "syslog"
      grok_pattern => "<%{POSINT:syslog_pri}>"
      tags => "syslog"
      add_field => {
          "origin" => "syslog"
      }
  }
}

Now i´m only getting _grokparsefailure_sysloginput but still no syslog_pri in my log.

Topic		Replies	Views
Groking syslog, seem to be getting a match but still getting _grokparsefailure Logstash	8	4416	July 6, 2017
_grokparsefailure_syslog but grok filter perfectly from stdin Logstash	3	1079	July 6, 2017
Logstash syslog _grokparsefailure errors Logstash	2	1322	June 11, 2019
Grok in realtime fails but in Debuuger works happy Logstash	15	4540	July 6, 2017
Grok parse failure after successful debug Logstash	6	6573	July 6, 2017

Grok parsing syslog error

Related topics