When I have developed my own custom pattern for logstash to parse Cordys error logs(XML Type) , and used %{COMBINEDAPACHELOG} for Apache server log parsing, I am getting the answer perfectly in Grok debugger available online, but not getting the result while running it in my Windows system. It can't parse the logs and shows just the _grokparsefailure tag error. Please help
Hi,
Can you paste a sampleof the logs and the config file where you have the grok filter?
It could be something as simple as a space on the logs or a conditional on the filter.
Noone will be able to tell what the problem is unless you provide more information (what is the version, how do you get the logs, is it just syslog or use filebeat)