Haproxy grokparsefailure

HAPRoxy Logstash Grok Parse Failure

This is my log entry from HAProxy (pfsense haproxy package)

"message": "<142>Apr 27 02:24:00 haproxy[37279]: 162.158.155.249:54250 [27/Apr/2020:02:24:00.173] shared-frontend-merged~ example.com_ipvANY/emaple.com 0/0/192/170/363 200 3411 - - ---- 2/2/0/1/0 0/0 \"GET / HTTP/1.1\"\n",

I have default grok enabled in logstash but i still get log parse failure. is it because the logs have appended syslog header ?

grok {

match => { "message" => "%{HAPROXYHTTP}" }

}

can anyone help me with correct grok ?

Thnaks.
This solved my issue.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.