Hi all
I've upgraded to Kibana 4.3, which required Elastic 2.3, which required Logstash 2.1.
After I upgraded to 2.1, the syslog input is no longer parsing out priority, severity and facility properly. I receive the error:
_grokparsefailure_sysloginput
This was working fine before I upgraded Logstash. I then tried to update all plugins, at which point I ran into this bug.
So now I'm just wondering if anyone has run into this issue as well and what steps they took to resolve it.
I added the raw field based on this article and got the following result:
<134> Jan 25 16:21:25 JCAFARELLI-AIO BPEL: checkoutAPI: InsertMerchantInGateway: Creating Contact In Gateway
I've resorted to destroying all of my templates because of said bug report.
I've also deleted all of my indexes due to the breaking 2.0 change after I was unable to update the mappings.
I am now using the following filter to parse the messages:
filter {
  grok {
    # PRI in angle brackets, then the classic BSD syslog header; the [pid] group is optional.
    match => { "message" => "<%{POSINT:syslog_pri}> %{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
  }
}
While I now have basic syslog messages working, I am still working on deriving the severity from the syslog priority.
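The priority derivation the post is still missing, as an added example that is not part of the original post: a Python translation of the grok pattern above, applied to the raw line quoted in the post plus a constructed second line with a PID, followed by the PRI split (facility = PRI // 8, severity = PRI % 8) that the Logstash syslog_pri filter performs. The regex, field names and sample lines are assumptions for illustration.

```python
import re

# Constructed samples: the raw event quoted in the post, plus a second line
# constructed with a [pid] to exercise the optional group.
SAMPLES = [
    "<134> Jan 25 16:21:25 JCAFARELLI-AIO BPEL: checkoutAPI: InsertMerchantInGateway: Creating Contact In Gateway",
    "<13>Feb  3 09:05:07 host1 sshd[2211]: Accepted publickey for app from 10.0.0.5",
]

# Python translation of the grok pattern from the post; \s? accepts both the
# "<134> Jan" form seen in the post and the usual RFC 3164 form with no space.
SYSLOG_RE = re.compile(
    r"^<(?P<syslog_pri>\d+)>\s?"
    r"(?P<syslog_timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_hostname>[\w.-]+) "
    r"(?P<syslog_program>.*?)(?:\[(?P<syslog_pid>\d+)\])?: "
    r"(?P<syslog_message>.*)$"
)

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = (
    "kernel", "user-level", "mail", "system", "security/authorization",
    "syslogd", "line printer", "network news", "uucp", "clock",
    "security/authorization", "ftp", "ntp", "log audit", "log alert", "clock",
) + tuple(f"local{i}" for i in range(8))
SEVERITIES = ("emergency", "alert", "critical", "error", "warning",
              "notice", "informational", "debug")


def decode_pri(pri):
    """Split a syslog PRI into facility and severity (PRI = facility * 8 + severity)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility_code, severity_code = divmod(pri, 8)
    return {
        "syslog_facility_code": facility_code,
        "syslog_facility": FACILITIES[facility_code],
        "syslog_severity_code": severity_code,
        "syslog_severity": SEVERITIES[severity_code],
    }


def parse_syslog(line):
    """Return the grok-style fields plus the decoded priority, or a tagged failure."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"message": line, "tags": ["_grokparsefailure"]}
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    event.update(decode_pri(int(event["syslog_pri"])))
    return event
```

For the post's own line, PRI 134 decodes to facility 16 (local0) and severity 6 (informational).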