hi all I have the following log line: {"rule":{"level":12,"comment":"apache error tagged by modsecurity","sidid":130401},"location":"(cli-git) 52.16.98.219->/var/log/apache2/error.log","full_log":"[Tue May 05 09:09:08.901326 2015] [:error] [pid 7085] [client 212.48.71.196] ModSecurity: Warning. P…

Grokparse failure - but grokdebugger works

magnusbaeck (Magnus Bäck) May 7, 2015, 10:43am 4

also shouldn't you be matching on "message" field instead?
and how are you matchin

This should be fine because of codec => json.

Topic		Replies	Views
"_grokparsefailure" even though the grok pattern matches Logstash	9	4463	September 11, 2017
_Grokparsefailure even though pattern works in Grok Debugger Logstash	3	815	October 29, 2018
Filter is not working Logstash	6	1247	July 6, 2017
Grokparse failure mikrotik Logstash	7	3174	December 20, 2017
Grok tests pass, logstash still borks with "_grokparsefailure" Logstash	7	1504	July 6, 2017