Hi there,
I can't get my head around why this snippet successfully groks the message, but neither sets nor removes the tags. I've tried setting a custom tag and also removing all tags (as in the current snippet):
grok {
  #tag_on_failure => ["grok_https"]
  tag_on_failure => [ ]
  match => { "action" => "\"%{DATA:http_method} %{DATA:http_req} %{DATA:http_version}\"$" }
}
I'm still getting the tag _grokparsefailure if the pattern fails.
Logstash 7.12.0 with Elasticsearch 7.12.0
Thanks for any indications...