And I work for the same log!
But when I didn't make
if "_grokparsefailure" in [tags] {
    drop {}
}
it works.
The problem is that when I didn't use it,
it parses all the lines (2000 lines),
and in the Elasticsearch tables
I found the researchable lines and the other lines.
Can someone help me, please?