Failed to parse messages

Graylog Central (peer support)
1

Description of your problem

I understand there is a problem with my grok parsing, I am having trouble seeing the raw message, is there a way I can see this raw message in graylog because its not getting indexed?

[107]: index [graylog_297], type [_doc], id [22697ee1-373b-11ec-a147-0050568f63c5], message [ElasticsearchException[Elasticsearch exception [type=mapper_parsing_exception, reason=failed to parse field [application_name] of type [date] in document with id ‘22697ee1-373b-11ec-a147-0050568f63c5’. Preview of field’s value: ‘vpxd’]]; nested: ElasticsearchException[Elasticsearch exception [type=illegal_argument_exception, reason=failed to parse date field [vpxd] with format [strict_date_optional_time||epoch_millis]]]; nested: ElasticsearchException[Elasticsearch exception [type=date_time_parse_exception, reason=Failed to parse with all enclosed parsers]];]

Description of steps you’ve taken to attempt to solve the issue

Looked at /var/log/graylog-server/server.log

Environmental information

prod

  • CentOS

Package versions

  • Graylog 4.2 latest
  • MongoDB - latest
  • Elasticsearch -latest 7.15
2

Looks like your conflict is between a name and a date… I can never remeber either… :stuck_out_tongue:

3

Is there a way I can see the raw message

4

temporarily remove the GROK parsing to let it through - or create a separate input and push a few messages through it.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.