How does "Keep_empty_captures" work


(David Li) #1

I am trying to use this grok pattern
%{Myfield:Path}\t%{Myfield:Status}\t\t%{Myfield:model_package}

to parse out these two

/folder/1/2\tSuccess\t\tsometext,

/folder/1/2\t\t\tsometext,

I turned on Keep_Empty_Captures, but still, the pattern only captures the first one and gives me a _grokparsefailure for the second one.

I thought Keep_empty_captures serves this purpose, but apparently it doesn't. Can anyone help me with this?
Are there ways to keep the status field for the second log with the same grok pattern? Thanks in advance.


(system) #2