Hello,
I am using filebeat 6.4 with the postgresql module installed and pointed at my pg_log folder, and it is shipping the logs but I am getting a GROK parse error
the system is centos 7 installed with the filebeat 6.4 rpm Postgresql version is 9.6.6 and my logs look like this
< 2018-09-14 11:33:46.724 PDT > LOG: connection authorized: user=xxxxx database=xxxxx
the error I am getting is Provided Grok expressions do not match field value:
Hi @bhansen and welcome 
Your log line looks fine, but the date seems enclosed between < and >, is it like this in your log file? This is not expected in the grok patterns. Have you customized the log configuration in some way?
I have not it was installed, then I turned on some of the logging features like log connections etc. each line of the log starts with
< 2018-09-17 08:08:47.420 PDT > LOG: connection received: host=npt-app-09.main.popud.org port=43502
< 2018-09-17 08:08:47.421 PDT > LOG: connection received: host=npt-app-09.main.popud.org port=43500
< 2018-09-17 08:08:47.423 PDT > LOG: connection received: host=npt-app-09.main.popud.org port=43504
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.