We are sending two type of log files ,

In 1st Log pattern is : 2019-01-03T14:25:34,156 com.abc.notificationmanagement.service.NotificationMgmtServiceImpl - CC Addresses After Replacing Invalids:null

In 2nd Log pattern is: 2018-12-31 06:04:30,291 DEBUG BPM c8bb1e7c-0ca8-11e9-9d53-0a0484180000 c8bb1cd8-0ca8-11e9-9d53-0a0484180000 SOE abc null sal

GrokPattern for TimeStamp :^%{TIMESTAMP_ISO8601:timestamp_match}

Both File is passed through Filebeat and Logstash but only 1st logs are showing in KIbana,

We are getting Below messege in Logstash Log output :

Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"uat_elk-2019.01.02", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x7830313f], :response=>{"index"=>{"_index"=>"uat_elk-2019.01.02", "_type"=>"doc", "_id"=>"fZ7PDmgB4qCW4Xakg7a-", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [timestamp_match]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: "2019-01-02 16:45:00,422" is malformed at " 16:45:00,422""}}}}}
1st type Log:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.