Grok: tag_on_failure is not working and has no effect

Hi there,

I can't get my head around why this snippet successfully groks the message, but neither sets nor removes the tags. I've tried to set a custom tag and also removing all tags (as in the current snippet)

grok { 
  #tag_on_failure => ["grok_https"]
  tag_on_failure => [ ]
  match => { "action" => "\"%{DATA:http_method} %{DATA:http_req} %{DATA:http_version}\"$"}

I'm still getting the tag _grokparsefailure if the pattern fails.
Logstash 7.12.0 with Elasticsearch 7.12.0

Thanks for any indications...

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.