Discuss the Elastic Stack

How can i push the tomcat logs into elasticsearch it is showing grokparsefailure

Elastic Stack Logstash

Akash_Katakam (Akash Katakam) December 22, 2015, 2:44pm 1

input {
file {
path => "E:\wo\examples\xxxxxx.log.2015-12-19.log"

    start_position => "beginning"
    sincedb_path => "C:\Users\Akash katakam\null"

}

}
filter {
grok {
match => { "message" => "%{TOMCATLOG %{TOMCAT_DATESTAMP:timestamp} | %{LOGLEVEL:level} | %{JAVACLASS:class} - %{JAVALOGMESSAGE:logmessage}}"}
}

}

output {
elasticsearch {

index => "splog"
}
stdout {}
}

this is my conf file.

warkolm (Mark Walkom) December 23, 2015, 1:15am 2

That grok pattern does not look valid, where did you get it from?

Akash_Katakam (Akash Katakam) December 23, 2015, 6:27am 4

I followed this blog post.

Topic		Replies	Views	Activity
Grok filter in LOGSTASH Logstash	10	829	March 31, 2018
Logstash won't parse tomcat file Logstash	1	282	July 11, 2019
How to grok catalina log file Logstash	1	307	April 27, 2023
Help with tomcat grok pattern Logstash	4	1389	November 16, 2017
_grokparsefailure inspite of working well with grok debugger Logstash	10	1767	May 4, 2019

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.