Hello! I trying to parse some logs by the grok extractors.
In my case i have success in extractor testing (1.png, 2.png), but eventually message does not parsed (result.png). What could be the reason?
did you have other extractors on the same input that might tamper the messages for this extractor?
Yes sir, other extractors are present.
But other extractors have regexp conditions like screenshot 2.png , and tested message does not meet to another extractors conditions.
The message parsing is finicky. And the debugging capabilities and error handling is virtually non-existent. The more complicated your situation the more difficult it gets. My suggestion is to temporarily shut everything else off and tweak the grok pattern until you get what you want. And if you’re not already, use this: https://grokdebug.herokuapp.com
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.