[logstash] Cannot find the logs that donot match the grok filter

Zhao · September 6, 2018, 7:19am

Hello, dear all,

I updated the logstash from vesrion 2.1 to 6.4, and I find there are some differences between them which caused my problem.

I cannot find any logs that don't match my grok filters in the kibana for version 6.4, but for the older logstash, I can find them with the tags: "_grokparsefailure ".
I also can't see any error in the /var/log/logstash/logstash-plain.log for the new version logstash.
And I can find it many _grokparsefailure in the /var/log/logstash/logstatsh.log for the old version logstash.

And for me, I need to save all the logs in the elasticsearch, include the parse error log.

How can I do my job for losgtash v6.4?

Any advice is very appreciated, thanks in advance.

Lyndon

Zhao · September 6, 2018, 11:20am

I had found a way to resolve this issue -- add a filter that can match each log.
But it still cannot be seen in the elasticsearch.

And in the end, I found that, I need to extract a field with the type date, or it cann't be indexed to "logstash-YY-MM-DD.log", that's why the log cannot be see in the kibana.

Zhao · September 6, 2018, 11:22am

And I am wondering why in the logstash of 2.1 , it can use the default field @timestamp as the elasticsearch index but logstash v6.4 cannot do it as this way.

If anybody knows why, please let me know.

Thanks very much.

Topic		Replies	Views
Grok filter output to elastic not filtered Logstash	3	1153	October 18, 2017
Grok problem and logstash Logstash	1	339	June 11, 2019
After upgrade 5.7 logstash to 6.0 unable to get some logs Logstash	1	301	December 24, 2019
Grok doesn't work on Elastic but on dubugger yes Logstash	5	54	November 25, 2025
Grok Matches but getting _grokparsefailure in Kibana Logstash	1	266	April 25, 2020

[logstash] Cannot find the logs that donot match the grok filter

Related topics