Hi Elastic Team,
I have an issue when in my grok filter I put the pattern %{TIMESTAMP_ISO8601} first. I share an example:
With %{TIMESTAMP_ISO8601} at first position:
grok Debugger:
I got [1] "_grokparsefailure"
With %{TIMESTAMP_ISO8601} at second position:
grok Debugger:
I got my parser without any problem:
I appreciate your feedback, thanks.
You need to show us the value of [message] that you are matching against.
Please do not post images of text, just post the text itself.
Hi Badger,
Message with TIMESTAMP_ISO8601 first: 2021-07-09 15:23:30.000 Adixon
or
Message with TIMESTAMP_ISO8601 second: Adixon 2021-07-09 15:23:30.000
Thanks
input { generator { count => 1 lines => [ '2021-07-09 15:23:30.000 Adixon' ] } }
filter {
    grok { match => { "message" => "%{TIMESTAMP_ISO8601:date} %{WORD:test}" } }
}
produces
"date" => "2021-07-09 15:23:30.000",
"test" => "Adixon",
so I suspect [message] does not contain what you think it does.
You're totally right Badger, my problem is the source. I use NXLOG to bring date to Logstash, and when I search for the timestamp I see:
"Message" => "9044436 Adixon"
I mean I received the timestamp, but as the number "9044436".
I think that I should see what happens in NXLOG.
Hi team,
As a solution, as Badger said, the key was to look at the message field. I see that the first character of the message always came different, for example:
The field that I was looking for: [7/12/21 15:40:58:862 CLT]
The field that I received: 7/12/21 15:40:58:862 CLT]
or
The field that I was looking for: 2021-07-09 18:47:30.000 ERROR Adixon
The field that I received: 02021-07-09 18:47:30.000 ERROR Adixon
In both cases the first character changed, and after that I was just more careful, first seeing how the message came and then adapting my grok filter.
Thanks.
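Added example (not part of the thread, and not Elastic's or NXLog's code): a small Ruby script that does the comparison the last post describes, showing which leading characters differ between the message you expected and the one that arrived, and where a timestamp actually starts. `ISO8601_APPROX` is a simplified stand-in for the grok pattern, and the function names are hypothetical.

```ruby
# Added example: compare the message you expect with the one that was received.
# ISO8601_APPROX is a simplified stand-in for grok's TIMESTAMP_ISO8601,
# not its real definition (assumption made for this example).
ISO8601_APPROX = /\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?/

# Strip the longest common suffix and return what differs at the head
# of each string. Hypothetical helper, not a Logstash API.
def head_diff(expected, received)
  e = expected.chars
  r = received.chars
  n = 0
  n += 1 while n < e.size && n < r.size && e[-1 - n] == r[-1 - n]
  { expected_head: e[0, e.size - n].join, received_head: r[0, r.size - n].join }
end

# Offset at which a timestamp starts in the message, or nil when the
# message contains no timestamp at all.
def timestamp_offset(message)
  message =~ ISO8601_APPROX
end

# One-line report; the received head is also shown as hex bytes so that
# non-printable leading characters become visible.
def report(expected, received)
  d = head_diff(expected, received)
  hex = d[:received_head].bytes.map { |b| format("%02x", b) }.join(" ")
  format("expected head %p, received head %p (bytes: %s), timestamp at %p",
         d[:expected_head], d[:received_head], hex, timestamp_offset(received))
end

# Constructed samples, built from the messages quoted in the thread:
# [what the grok pattern was written for, what actually arrived].
SAMPLES = [
  ["2021-07-09 15:23:30.000 Adixon", "9044436 Adixon"],
  ["[7/12/21 15:40:58:862 CLT]", "7/12/21 15:40:58:862 CLT]"],
  ["2021-07-09 18:47:30.000 ERROR Adixon", "02021-07-09 18:47:30.000 ERROR Adixon"]
].freeze

SAMPLES.each { |exp, rec| puts report(exp, rec) } if __FILE__ == $PROGRAM_NAME
```

A `nil` timestamp offset means the source never sent a timestamp in that position, and a non-zero offset means something was prepended before it.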
Closed August 10, 2021, 3:39pm. This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.