IIS logs -Provided Grok expressions do not match field value

neo · July 10, 2018, 12:16pm

Hi,i make an module for my iis log,i use the default filebeat grok for IIS to parse the message, and I get an error like "Provided Grok expressions do not match field value:"

one example of my message log is

2018-07-10 11:47:26 100.111.16.33 GET /2code/handlers/IP-Block/waves/account/wlc-auth.ashx username=avir&pass=Avi12345 443 - 100.111.16.76 - 200 0 0 5599

how can i find whats the problem is, I tried to find
The script inside the Beats repo which lets you test your pipeline .

of your support but I didn't find the path.
Please assist

exekias · July 10, 2018, 11:58pm

Hi @neo,

I would recommend using the simulate API to test your custom pipeline, have a look to https://www.elastic.co/guide/en/beats/devguide/current/filebeat-modules-devguide.html for a full guide on how modules work.

Best regards

neo · July 11, 2018, 8:19am

Thanks, I found the problem, I needed to send all columns of log property.

then it work great !

Topic		Replies	Views
Provided Grok expressions do not match field value Beats filebeat	1	317	August 31, 2020
[IIS 7.5] [Filebeat 6.6.1] Provided Grok expressions do not match field value Beats filebeat	11	3266	April 29, 2019
Filebeat Grok Error - IIS Beats filebeat	4	1645	September 12, 2019
Standard IIS grok templates can't parse Beats beats-module	5	520	August 30, 2021
IIS W3C format logs not being mapped by filebeat iis module Beats filebeat	2	710	August 23, 2019

IIS logs -Provided Grok expressions do not match field value

Related topics