Logs are not parsing properly

Sundaramoorthy_Anand · November 11, 2019, 8:48am

My architecture is

*Filebeat A*(remote) > Logstash A (2 pipelines) > Elasticsearch A > Kibana A
*Filebeat B*(remote) > Logstash A (2 pipelines) > Elasticsearch A > Kibana A

Its for logs analysis.

say my logs format is abc_logs-yyyy.mm.dd.log

My Filebeats are pushing logs to Logstash (I can see in data/registry file) but Logstash is NOT creating index for some of the log files.

say, abc_logs-2019.11.02.log is there in my log location and also Filebeat pushed it to Logstash. But I can't see any index created in elasticsearch.

Also, one extra problem.

Even if the indexes are created, NOT all valid logs are getting parsed.
Like if a log file has 100 correct log format (as in grok filter pattern of
logstash.yml file) only 60%-70% data is shown in elasticsearch..
around 40% data is getting dropped .. I don't know what is the exact reason..

If I check the unparsed logs in grok debugger with the specified grok pattern, it is parsing perfectly.

Any solution for this problem?

system · December 9, 2019, 8:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing issues Logstash	1	285	November 22, 2018
How to check whether logsash is parsing data from a filebeat Logstash	4	727	September 13, 2018
Not getting parsed logs to Elasticsearch but able to see in logstash Elasticsearch	1	411	October 4, 2018
Logstash showing only parse failures from log Logstash	5	472	July 6, 2017
Logstash not parsing logs Logstash	2	1453	July 19, 2017

Logs are not parsing properly

Related topics