I am trying to use grok to parse down JSON. I am new and have the following:

    filter {
      if [syslog5424_app] == "nginx-access" {
        json {
          source => "syslog5424_msg"
          skip_on_invalid_json => true
          tag_on_failure => "invalid_json"
          target => "dynamic_json"
        }
        mutate {
          add_field => {
            "syslog5424_app" => "%{[dynamic_json][syslog5424_app]}"
            "syslog5424_host" => "%{[dynamic_json][syslog5424_host]}"
            "x-forwarded-for" => "%{[dynamic_json][x-forwarded-for]}"
            "clientip" => "%{[dynamic_json][clientip]}"
            "user" => "%{[dynamic_json][user]}"
            "response" => "%{[dynamic_json][response]}"
            "request" => "%{[dynamic_json][request]}"
            "sent" => "%{[dynamic_json][sent]}"
          }
        }
        grok {
          patterns_dir => "<%= @config['patterns_dir'] %>"
          match => { "syslog5424_msg" => "%{NGINX_ACCESS}" }
        }
      }
    }

and created this pattern:
NGINX_ACCESS %{SYSLOGPROG:syslog5424_app} %{SYSLOGHOST:syslog5424_host} "%{XFORWARDEDFOR:xforwardedfor}" - %{IPORHOST:clientip} %{USER:ident} \[%{HTTPDATE:timestamp}\] %{NUMBER:response} %{URIPATHPARAM:request} %{NUMBER:sent}
But I get no logs in Kibana, when other log filters are working fine. Please help.