we have a custom nginx log that looks like this 172.16.23.132 - [172.16.23.132] - - [30/Apr/2020:20:49:22 +0000] \"GET /health HTTP/2.0\" 200 7 \"-\" \"curl/7.58.0\" 52 0.013 [foobar-apiservice-443] 172.24.12.90:9001 7 0.014 200 foobar and my grok filter looks like this %{IPORHOST:client_ip} - \[…

Grokparsefailure with nginx logs

Badger May 2, 2020, 12:40am 2

My answer to that is here. Start with a pattern that matches the first field on a line, then add one field at a time.

Topic		Replies	Views
_grokparsefailure and I have no idea Logstash	2	247	November 11, 2020
_dateparsefailure in tags Logstash	3	287	August 11, 2020
Issue with double quotes being escaped Beats filebeat	6	3535	July 7, 2016
How to solve grokparsefailure in Logstash Logstash	2	3349	July 6, 2017
Parsing logs from Dockerized NGinx Logstash	2	1106	October 4, 2019

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Grokparsefailure with nginx logs

Related topics