I am facing issues while trying to parse this log. I have tried multiple options but nothing seems to work. No error message in the logs, except for this tag in the records. Can you please help with what I am missing here?
Auto route reason : {"opportunityId":"0042f00000Kttt","accountNumber":"999999999999999","agId":"0051H0001111IWYqTTT","division":"US","errorCode":"EC-109","errorName":"GetDetails Not Found","errorDescription":"SiteDetails Not Found"}
If by structured data you mean the output, I need the values of each of the fields from the log. Like OpportunityId, errorName etc as sperate fields with there respective values.
Can you explain more what this means? Is the data created in Elasticsearch but it has the wrong structure? Or does it only work when the log message matches /Auto route reason/?
When is it working? When is it not working? How do you define working?
I have gone through different patterns and tried them as well. In the above example I have given as GreedyMessage, as I alteast want to see If any field is created correctly.
And with respect to this "No error message in the logs, except for this tag in the records."
So the records with the content 'Auto route reason' do get created correctly. However, the problem is grok is not prased correctly for those records and the individual fields like opportunityId or Greedymessage are not created on the records.
When I use the GrokDebugger tool to test the grok pattern, It works for me. Thus I am expecting the pattern to work in the pipeline as well.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
