we have a custom nginx log that looks like this 172.16.23.132 - [172.16.23.132] - - [30/Apr/2020:20:49:22 +0000] \"GET /health HTTP/2.0\" 200 7 \"-\" \"curl/7.58.0\" 52 0.013 [foobar-apiservice-443] 172.24.12.90:9001 7 0.014 200 foobar and my grok filter looks like this %{IPORHOST:client_ip} - \[…

Grokparsefailure with nginx logs

Badger May 2, 2020, 12:40am 2

My answer to that is here. Start with a pattern that matches the first field on a line, then add one field at a time.

Topic		Replies	Views
_grokparsefailure and I have no idea Logstash	2	246	November 11, 2020
_dateparsefailure in tags Logstash	3	287	August 11, 2020
Issue with double quotes being escaped Beats filebeat	6	3532	July 7, 2016
Getting _grokparsefailure when passing full log files Logstash docker	5	816	October 1, 2021
Parsing logs from Dockerized NGinx Logstash	2	1103	October 4, 2019

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Grokparsefailure with nginx logs

Related Topics