Some of my random logs are not parsing from the whole log file. What could be the possible reason for this?

Every time I parse my log file there are some random logs which are not being parsed (every time a random set).

You have not supplied enough information for anyone to answer. Can you give examples of the logs that are not parsed and what the failing filters look like?

I am using this as my current filter:

    filter {
      grok {
        match => [ "message", "(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{WORD:xevent}%{SPACE}%{WORD:protocol}%{SPACE}%{IP:ip1}:%{INT:port1} ->%{SPACE}%{IP:ip2}:%{INT:port2}%{INT:Inbyte}%{SPACE}%{INT:Outbyte}" ]
      }
      date {
        match => ["logtime", "yyyy-MM-dd HH:mm:ss.SSS"]
      }
    }

But I am having the issue that my data is not parsing correctly:
tags
-
-
-
-
-
-
-
-
_grokparsefailure
_grokparsefailure
_grokparsefailure
-
_grokparsefailure
{The tags with a "-" sign are parsing but the other ones are not parsing}
[My whole log file is the same, without any different logs]
(I hope this might make my question more clear to all)

Again, you have given no indication of what the data you are trying to parse looks like.
