Hello,
Log:
2016-05-15 00:00:01,305 fileUtils.py(167): INFO Finished removing hpsp_msaLogRotate from the system.
I get a grokparsefailure for the following:
grok { match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA:msg}"}
I even tried grok { match => {"message" => "%{DATE:timestamp_d} %{TIME:timestamp_t} %{GREEDYDATA:msg}"}
and grok { match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND} %{GREEDYDATA:msg}"}
All these formats work fine on the grok debugger, but not on my instance of logstash.
Can someone please help me out with it?
Thank you.
Works fine for me:
$ cat test.config
input { stdin { } }
output { stdout { codec => rubydebug } }
filter {
grok {
match => {
"message" => "%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA:msg}"
}
}
}
$ echo '2016-05-15 00:00:01,305 fileUtils.py(167): INFO Finished removing hpsp_msaLogRotate from the system.' | /opt/logstash/bin/logstash -f test.config
Settings: Default pipeline workers: 8
Pipeline main started
{
"message" => "2016-05-15 00:00:01,305 fileUtils.py(167): INFO Finished removing hpsp_msaLogRotate from the system.",
"@version" => "1",
"@timestamp" => "2016-06-21T08:59:56.999Z",
"host" => "lnxolofon",
"timestamp" => "2016-05-15 00:00:01,305",
"msg" => "fileUtils.py(167): INFO Finished removing hpsp_msaLogRotate from the system."
}
Pipeline main has been shutdown
stopping pipeline {:id=>"main"}
My configuration file had a semantic error elsewhere, which was causing the error. It works for me now.
Thanks a lot!