Haproxy module with master version

(Rémi Desgrange) #1


I compiled filebeat from master (go get + make) and it works. I launch filebeat with the haproxy module. The conf is:

  • module: haproxy
    enabled: true
    var.input: "file"
    var.paths: ["/var/log/haproxy.log"]

The haproxy is from debian repo, v1.5.8. The only thing that I have about log in my haproxy.cfg is

   log /dev/log    local0
   log /dev/log    local1 notice

In elasticsearch I have this error:

Provided Grok expressions do not match field value: [Sep 11 10:43:06 pompom haproxy[666]: - - [11/Sep/2018:08:43:06 +0000] \\\"GET / HTTP/1.1\\\" 200 457 \\\\\\\"\\\\\\\" \\\\\\\"\\\\\\\" 42070 \\\\098 \\\"https~\\\" \\\"vm-abc\\\" \\\"vm-abc\\\" \\\\86 0 1 15 104 ---- 1 1 \\\\0 1 0 0 0 \\\"\\\" \\\"\\\" \\\\ ]

I know that haproxy is still alpha, do you think it worth opening an issue in github ?

(Pier-Hugues Pellerin) #2

@pollux it's worth creating a new issue with your log attached.

I think our grok patterns are not general enough to support every case.

(Rémi Desgrange) #3

In this case, this is the standard logs from haproxy (debian-packaged) I don't know if debian change anything to the default config (this is sad but it could).

Issue: https://github.com/elastic/beats/issues/8301

(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.