Maximum length of Grok pattern?


I am trying to parse a very long log line that contains 294 fields and 11,500 characters.

I've had some difficulties testing the grok pattern because it's so long. When trying to use the grok debugger in Kibana, I'm met with bugs when trying to paste the grok pattern into the field because it's so long. When trying to run a test pipeline, I can't get the entire log line pasted in using stdin{} because it's too long. I also can't seem to get the local file input method working.

But using the Heroku grok debugger, I've noticed that everything parses fine until a certain point, even though there isn't any pattern deviation in the log or the grok pattern. This leads me to believe that Logstash is unable to match a log to a grok pattern after a certain point.

I haven't been able to find a definitive answer online, but does anyone know if this is the case?

Whatever the case is, I believe I'll have to trim the fat on the log line by targeting non-zero metrics. But any context surrounding Grok limitations in this scenario would be helpful.

Thank you!
