IIS logs -Provided Grok expressions do not match field value

neo · July 10, 2018, 12:16pm

Hi,i make an module for my iis log,i use the default filebeat grok for IIS to parse the message, and I get an error like "Provided Grok expressions do not match field value:"

one example of my message log is

2018-07-10 11:47:26 100.111.16.33 GET /2code/handlers/IP-Block/waves/account/wlc-auth.ashx username=avir&pass=Avi12345 443 - 100.111.16.76 - 200 0 0 5599

how can i find whats the problem is, I tried to find
The script inside the Beats repo which lets you test your pipeline .

of your support but I didn't find the path.
Please assist

exekias · July 10, 2018, 11:58pm

Hi @neo,

I would recommend using the simulate API to test your custom pipeline, have a look to https://www.elastic.co/guide/en/beats/devguide/current/filebeat-modules-devguide.html for a full guide on how modules work.

Best regards

neo · July 11, 2018, 8:19am

Thanks, I found the problem, I needed to send all columns of log property.

then it work great !

system · August 8, 2018, 8:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[IIS 7.5] [Filebeat 6.6.1] Provided Grok expressions do not match field value Beats filebeat	11	3135	April 29, 2019
Filebeat Grok Error - IIS Beats filebeat	4	1544	September 12, 2019
Filebeat IIS Access logs not parsing but Error logs are Beats filebeat	4	323	July 15, 2020
IIS W3C format logs not being mapped by filebeat iis module Beats filebeat	2	649	August 23, 2019
Provided Grok expressions do not match field value Beats filebeat	1	285	August 31, 2020

IIS logs -Provided Grok expressions do not match field value

Related topics