pollux
(Rémi Desgrange)
September 11, 2018, 9:01am
1
HI,
I compiled filebeat from master (go get + make) and it works. I launch filebeat with the haproxy module. The conf is:
module: haproxy
http:
enabled: true
var.input: "file"
var.paths: ["/var/log/haproxy.log"]
The haproxy is from debian repo, v1.5.8. The only thing that I have about log in my haproxy.cfg is
global
log /dev/log local0
log /dev/log local1 notice
In elasticsearch I have this error:
Provided Grok expressions do not match field value: [Sep 11 10:43:06 pompom haproxy[666]: 8.8.8.8 - - [11/Sep/2018:08:43:06 +0000] \\\"GET / HTTP/1.1\\\" 200 457 \\\\\\\"\\\\\\\" \\\\\\\"\\\\\\\" 42070 \\\\098 \\\"https~\\\" \\\"vm-abc\\\" \\\"vm-abc\\\" \\\\86 0 1 15 104 ---- 1 1 \\\\0 1 0 0 0 \\\"\\\" \\\"\\\" \\\\ ]
I know that haproxy is still alpha, do you think it worth opening an issue in github ?
pierhugues
(Pier-Hugues Pellerin)
September 11, 2018, 3:35pm
2
@pollux it's worth creating a new issue with your log attached.
I think our grok patterns are not general enough to support every case.
"(%{NOTSPACE:haproxy.process_name}\\[%{NUMBER:haproxy.pid:int}\\]: )?%{IP:haproxy.client_ip}:%{NUMBER:haproxy.client_port:int} \\[%{NOTSPACE:haproxy.http.request_date}\\] %{NOTSPACE:haproxy.frontend_name} %{NOTSPACE:haproxy.backend_name}/%{NOTSPACE:haproxy.server_name} %{NUMBER:haproxy.time_client_req:int}/%{NUMBER:haproxy.time_queue:int}/%{NUMBER:haproxy.time_backend_connect:int}/%{NUMBER:haproxy.time_server_response:int}/%{NUMBER:haproxy.time_duration:int} %{NUMBER:haproxy.http.response.status_code:int} %{NUMBER:haproxy.http.response.bytes_read:int} %{NOTSPACE:haproxy.http.request.captured_cookie} %{NOTSPACE:haproxy.http.response.captured_cookie} %{NOTSPACE:haproxy.termination_state} %{NUMBER:haproxy.connections.active:int}/%{NUMBER:haproxy.connections.frontend:int}/%{NUMBER:haproxy.connections.backend:int}/%{NUMBER:haproxy.connections.server:int}/%{NUMBER:haproxy.connections.retries:int} %{NUMBER:haproxy.server_queue:int}/%{NUMBER:haproxy.backend_queue:int} \\{%{DATA:haproxy.http.request.captured_headers}\\} \\{%{DATA:haproxy.http.response.captured_headers}\\} \"%{GREEDYDATA:haproxy.http.request.raw_request_line}\"",
"(%{NOTSPACE:haproxy.process_name}\\[%{NUMBER:haproxy.pid:int}\\]: )?%{IP:haproxy.client_ip}:%{NUMBER:haproxy.client_port:int} \\[%{NOTSPACE:haproxy.http.request_date}\\] %{NOTSPACE:haproxy.frontend_name}/%{NOTSPACE:haproxy.bind_name} %{GREEDYDATA:haproxy.error_message}"
pollux
(Rémi Desgrange)
September 13, 2018, 8:34am
3
In this case, this is the standard logs from haproxy (debian-packaged) I don't know if debian change anything to the default config (this is sad but it could).
Issue: https://github.com/elastic/beats/issues/8301
system
(system)
Closed
October 11, 2018, 8:34am
4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.