IIS logs -Provided Grok expressions do not match field value

neo · July 10, 2018, 12:16pm

Hi,i make an module for my iis log,i use the default filebeat grok for IIS to parse the message, and I get an error like "Provided Grok expressions do not match field value:"

one example of my message log is

2018-07-10 11:47:26 100.111.16.33 GET /2code/handlers/IP-Block/waves/account/wlc-auth.ashx username=avir&pass=Avi12345 443 - 100.111.16.76 - 200 0 0 5599

how can i find whats the problem is, I tried to find
The script inside the Beats repo which lets you test your pipeline .

of your support but I didn't find the path.
Please assist

exekias · July 10, 2018, 11:58pm

Hi @neo,

I would recommend using the simulate API to test your custom pipeline, have a look to https://www.elastic.co/guide/en/beats/devguide/current/filebeat-modules-devguide.html for a full guide on how modules work.

Best regards

neo · July 11, 2018, 8:19am

Thanks, I found the problem, I needed to send all columns of log property.

then it work great !

system · August 8, 2018, 8:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.