HI Team,
I need to extract the source field, when i process im getting grok parse failure please find the belwo image for your reference,
Im using below grok pattern,
%{PATH}/%{UUID:requestFileId}
Im using below grok pattern,
That doesn't work because the filename isn't a UUID because it begins with "U" (and ends with "_Request.xml" but is it happens that doesn't matter here).
Use %{PATH}/%{UUID:requestFileId} instead of %{PATH}/U%{UUID:requestFileId} and things should work better.
Its not working, Im getting same error. I want to extract this value also from this input,
/beep/envs/beepq/config/ddoa/logs/old/0a5d3ad4-421c-49bd-b05f-c83e869e526f_Request.xml
Expected Result: 0a5d3ad4-421c-49bd-b05f-c83e869e526f
but im getting parse failure
Its not working, Im getting same error.
With the exact input string you gave in your example or with the file named 0a5d3ad4-421c-49bd-b05f-c83e869e526f_Request.xml?
Actually im processing one xml please find the result of that file,
I want to extract this value "0a5d3ad4-421c-49bd-b05f-c83e869e526f" from source field how can i perform that. Please help on that
Never post screenshots if you can use copy/paste.
I don't know why %{PATH} as in your previous example doesn't work, but the grok expression /%{UUID:requestFileId}_Request.xml$ works fine.
"offset" => 0,
"count" => 1,
"input_type" => "log",
"source" => "/beep/envs/beepq/config/ddoa/logs/fault/0ef47a3d-7dc6-4ccd-b49e-fad22018ccf6_Request.xml",
"tags" => [
[0] "beats_input_codec_plain_applied",
[1] "_grokparsefailure"
],
"@timestamp" => 2017-02-08T07:19:03.829Z,
"file_type" => "ProcessRepairOrder",
"@version" => "1",
"beat" => {
"hostname" => "vmtlesdq01",
"name" => "vmtlesdq01"
},
"host" => "vmtlesdq01",
"fingerprint" => "18c5809fa1cf7208b25fdfc0052fe997f8af2cb3",
"fields" => nil
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.