RabbitMQ ingest pipeline can't parse some log entries

Some logs (Erlang VM) can't be parsed by the provided grok expression, example log entries:

2019-07-29 14:14:43.032 [error] emulator Discarding message {'$gen_call',{<0.442.0>,#Ref<0.3746561768.1184890881.104501>},stat} from <0.442.0> to <0.32134.65> in an old incarnation (1) of this node (2)

2019-07-29 14:14:43.035 [error] emulator Discarding message {'$gen_call',{<0.435.0>,#Ref<0.3746561768.1184890881.104506>},stat} from <0.435.0> to <0.3956.17> in an old incarnation (1) of this node (2)

2019-07-29 14:14:43.311 [error] emulator Discarding message {'$gen_call',{<0.431.0>,#Ref<0.3746561768.1184890881.104511>},stat} from <0.431.0> to <0.32141.65> in an old incarnation (1) of this node (2)
  • Version: filebeat 7.1.2
  • Operating System: official docker image
  • Steps to Reproduce: enable RabbitMQ module, restart RabbitMQ server. Tested with RabbitMQ server 3.8.1

Log examples:

Suggested fix:
grok pattern should be adjusted, ERL_PID field could be optional

"%{DATESTAMP:timestamp} \\[%{WORD:log.level}\\]( %{ERL_PID:rabbitmq.log.pid})?
      %{GREEDYMULTILINE:message}"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.