I have problem with ingest pipeline

Rafael_G_de_Matos · December 5, 2018, 4:28pm

Hi guys, this is first post.

I have a issue with kibana "dev tools", I test this query:

GET _ingest/pipeline/_simulate?verbose
{
"pipeline": {
"processors": [
{
"grok": {
"field": "message",
"pattern": "%{COMMONAPACHELOG}"
}
},
{
"date": {
"match_field": "timestamp",
"match_formats": ["dd/MMM/YYYY:HH:mm:ss Z"]
}
},
{
"remove": {
"field": "message"
}
}
]
},
"docs": [
{
"_source": {
"message": "53.35.38.36 - - [19/Apr/2016:12:00:04 +0200] "GET / HTTP/1.1" 200 24"
},
"_index": "my_index_rafael"
}
]
}

and return this message:

{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "[patterns] required property is missing",
"header": {
"processor_type": "grok",
"property_name": "patterns"
},
"suppressed": [
{
"type": "parse_exception",
"reason": "[field] required property is missing",
"header": {
"processor_type": "date",
"property_name": "field"
}
}
]
}
],
"type": "parse_exception",
"reason": "[patterns] required property is missing",
"header": {
"processor_type": "grok",
"property_name": "patterns"
},
"suppressed": [
{
"type": "parse_exception",
"reason": "[field] required property is missing",
"header": {
"processor_type": "date",
"property_name": "field"
}
}
]
},
"status": 400
}

I want know the issue.

Thanks folks!

Aaron_Caldwell · December 5, 2018, 6:09pm

Hello Rafael,

When copying your query into dev tools, I did notice you have double quotes within double quotes on this line: "message": "53.35.38.36 - - [19/Apr/2016:12:00:04 +0200] "GET / HTTP/1.1" 200 24".

There are a few ways to handle this as covered in this thread. Hopefully that helps!

Regards,
Aaron

system · January 2, 2019, 6:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.