I have problem with ingest pipeline

Hi guys, this is first post.

I have a issue with kibana "dev tools", I test this query:

GET _ingest/pipeline/_simulate?verbose
{
"pipeline": {
"processors": [
{
"grok": {
"field": "message",
"pattern": "%{COMMONAPACHELOG}"
}
},
{
"date": {
"match_field": "timestamp",
"match_formats": ["dd/MMM/YYYY:HH:mm:ss Z"]
}
},
{
"remove": {
"field": "message"
}
}
]
},
"docs": [
{
"_source": {
"message": "53.35.38.36 - - [19/Apr/2016:12:00:04 +0200] "GET / HTTP/1.1" 200 24"
},
"_index": "my_index_rafael"
}
]
}

and return this message:

{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "[patterns] required property is missing",
"header": {
"processor_type": "grok",
"property_name": "patterns"
},
"suppressed": [
{
"type": "parse_exception",
"reason": "[field] required property is missing",
"header": {
"processor_type": "date",
"property_name": "field"
}
}
]
}
],
"type": "parse_exception",
"reason": "[patterns] required property is missing",
"header": {
"processor_type": "grok",
"property_name": "patterns"
},
"suppressed": [
{
"type": "parse_exception",
"reason": "[field] required property is missing",
"header": {
"processor_type": "date",
"property_name": "field"
}
}
]
},
"status": 400
}

I want know the issue.

Thanks folks!

Hello Rafael,

When copying your query into dev tools, I did notice you have double quotes within double quotes on this line: "message": "53.35.38.36 - - [19/Apr/2016:12:00:04 +0200] "GET / HTTP/1.1" 200 24".

There are a few ways to handle this as covered in this thread. Hopefully that helps!

Regards,
Aaron

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.