Hello,
I created a pipeline in kibana
# Click the Variables button, above, to create your own variable
PUT _ingest/pipeline/exemple-pipeline-apache
{
"description": "Mon premier pipeline pour appliquer un grok pattern sur le champ message
des logs apache",
"processors": [
{
"grok": {
"field": "message",
"patterns" : [
"%{IPORHOST:remote_ip} - %{DATA:user_name}
\\[%{HTTPDATE:access_time}\\] \\\"%{WORD:http_method} %{DATA:url}
HTTP/%{NUMBER:http_version}\\\" %{NUMBER:response_code}
%{NUMBER:body_sent_bytes} \\\"%{DATA:referrer}\\\" \\\"%{DATA:agent}\\\""
]
}
},
{
"set": {
"description": "la version de logstash qui a été utilisée",
"field": "logstash_version",
"value": 7.10
}
},
{
"uppercase": {
"field": "_index"
}
}
]
}
I am getting this error:
{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "Failed to parse content to map"
}
],
"type": "parse_exception",
"reason": "Failed to parse content to map",
"caused_by": {
"type": "json_parse_exception",
"reason": """Illegal unquoted character ((CTRL-CHAR, code 10)): has to be escaped using backslash to be included in string value
at [Source: (byte[])"{
"description": "Mon premier pipeline pour appliquer un grok pattern sur le champ message
des logs apache",
"processors": [
{
"grok": {
"field": "message",
"patterns" : [
"%{IPORHOST:remote_ip} - %{DATA:user_name}
\\[%{HTTPDATE:access_time}\\] \\\"%{WORD:http_method} %{DATA:url}
HTTP/%{NUMBER:http_version}\\\" %{NUMBER:response_code}
%{NUMBER:body_sent_bytes} \\\"%{DATA:referrer}\\\" \\\"%{DATA:agent}\\\""
]
}
},
{
"set": {
"description": "la version de logstash qui a été uti"[truncated 110 bytes]; line: 2, column: 92]"""
}
},
"status": 400
}