I am getting the error below while testing the config file:
The given configuration is invalid. Reason: Expected one of #, {, } at line 13, column 135 (byte 377) after filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{IP:client_ip} %{NOTSPACE:termination_state} %{NOTSPACE:termination_state} [%{HTTPDATE:timestamp}] " {:level=>:fatal}
Please find the config file below:
input {
  lumberjack {
    port => 5043
    type => "syslog"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{IP:client_ip} %{NOTSPACE:termination_state} %{NOTSPACE:termination_state} [%{HTTPDATE:timestamp}] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{INT:http_status_code} %{NOTSPACE:bytes_read} %{GREEDYDATA:url}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
Please advise on the same.
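
Added example, not part of the original post: the parser stops where the error output ends, at the double quote before `%{WORD:verb}`, because that quote closes the pattern string early. The grok block below is one way to write the same pattern so it parses, assuming the log lines carry literal square brackets around the timestamp and literal double quotes around the request line; field names are unchanged from the post.

```logstash
filter {
  if [type] == "syslog" {
    grok {
      # The pattern is delimited with single quotes, so the literal double
      # quotes around the request line no longer terminate the string.
      # \[ and \] match the literal brackets around the timestamp; left
      # unescaped, the regex engine reads [ ... ] as a character class and
      # the pattern would not match the intended text.
      match => { "message" => '%{IP:client_ip} %{NOTSPACE:termination_state} %{NOTSPACE:termination_state} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{INT:http_status_code} %{NOTSPACE:bytes_read} %{GREEDYDATA:url}' }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
  }
}
```

Re-run the configuration test after the change. A pattern that parses can still fail to match, in which case events are tagged `_grokparsefailure` and the structured fields are missing from anything that searches or alerts on them.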