Which version of Logstash? If less than 1.5 it could be the syslog input that adds _grokparsefailure when it gets a message it think is malformed. I believe Logstash 1.5 changed this so it adds its own tag upon failure.
Which version of Logstash? If less than 1.5 it could be the syslog input that adds _grokparsefailure when it gets a message it think is malformed. I believe Logstash 1.5 changed this so it adds its own tag upon failure.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.