when i am indexing my log file from logstash some fields are missing . _grokparsefailure is coming . I am indexing a log file it has log levels so my error and trace are getting indexed but warn , debug are missing and when i am checking in elasticsearch then few fields is having tag _grokparsefailure and other is not having it. what should i do?
Please move this topic to the Logstash group and include your Logstash configuration, an example input message, the resulting output, and what you expected should've happened.
input {
file {
path => "C:\Users\egupanm\csv\log1.log"
start_position => "beginning"
type => "logexample"
}
}
filter {
grok {
type => "logexample"
match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log_level} %{JAVACLASS:class} %{NUMBER:line} %{GREEDYDATA:Message}" ]
}
}
output
{
elasticsearch
{
cluster =>"elastic"
action => "index"
host => "localhost"
index => "new1"
}
stdout { }
}
cofig file
2015-10-08 15:29:05 TRACE Example 15 Trace Message!
2015-10-08 15:29:05 INFO Example 16 Info Message!
2015-10-08 15:29:05 WARN Example 17 Warn Message!
2015-10-08 15:29:05 ERROR Example 18 Error Message!
2015-10-08 15:29:05 TRACE Example 15 Trace Message!
2015-10-08 15:29:05 INFO Example 16 Info Message!
2015-10-08 15:29:05 WARN Example 17 Warn Message!
2015-10-08 15:29:05 ERROR Example 18 Error Message!
2015-10-08 15:29:05 TRACE Example 15 Trace Message!
2015-10-08 15:29:05 INFO Example 16 Info Message!
2015-10-08 15:29:05 WARN Example 17 Warn Message!
LOG file
I have attached log file and config file and now kibana show only few fields like error and trace are being shown but warn and info are missing . tag says _grokparsefailure.
JAVACLASS requires at least one period, i.e. Example.Example matches but Example doesn't. Use NOTSPACE instead.