Logstash don't send to Elastcisearch when i use %{WORD:service} in grok

fabueno · April 17, 2019, 5:19am

Hi, I'm just "training" with grok pattern, and with this log file :

Apr 17 14:26:49 192.168.0.61 firewall 514865 11:12:13:14:15:16 abcd123|-=.>

If I do : grok { match => { ["message", "%{SYSLOGTIMESTAMP:date} %{IP:ip}"] }
}

It works. But if I add %{WORD:service} to the line, it stop working.

Why ?

Badger · April 17, 2019, 12:53pm

What result do you get with this configuration?

input { generator { count => 1 message => 'Apr 17 14:26:49 192.168.0.61 firewall 514865 11:12:13:14:15:16 abcd123' } }

filter { grok { match => ["message", "%{SYSLOGTIMESTAMP:date} %{IP:ip} %{WORD:service}"] } }

system · May 15, 2019, 12:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log Grok does not work Logstash	2	314	September 28, 2018
My grok fikter dont work Logstash	7	366	August 10, 2018
Grok is succesfull in various debuggers but fails in practice with specific keyword Logstash	3	630	August 13, 2018
Logstash syslog _grokparsefailure errors Logstash	2	1275	June 11, 2019
Logs not being sent if multiple fields in grok pattern Logstash	2	169	March 7, 2024

Logstash don't send to Elastcisearch when i use %{WORD:service} in grok

Related topics