when i process multiple type of logs by grok parser ,if the one of logline is not matched with the filter parser ,then i am excepting that it should be come grok parser faliure ,but it comes grok timeout warning in Logstash logs.
if its coming grok timeout why it takes so longer time?can i reduce the process time ,then its return warnings in logs.
The grok timeout can be caused by:
I would check by this order. Sometimes is better to go for another plugin, if is possible. The default timeout is 30 sec, however anything above 3-5 sec in case of plain lines is a signal for the optimization.
In your case, it's hard to say without sample messageS and grok patternS which you use.
Also, anchor your patterns. Read this blog post.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.