Problem to Test Grok pattern

Dear All,

I’m Trying to test Grok parsing with new extractor, but I always receive the same kind of error message

> We were not able to run the grok extraction. Please check your parameters.
> Details: Error: cannot POST http://IP_ADDRESS:9000/api/tools/grok_tester (500)

My graylog version is : Graylog v3.2.4+a407287

Could please tell me what is happen exactly? it seems I have this error message for every grok parse test

in Complement information, I receive those errors messages when I tried to test my Grok Patterns

 bluebird.js:1545 Unhandled rejection Error: cannot POST http://IP_ADDRESS:9000/api/tools/grok_tester (500)    at http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:14:33502    at l (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:90514)    at O._settlePromiseFromHandler (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:63769)    at O._settlePromise (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:64569)    at O._settlePromise0 (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:65268)    at O._settlePromises (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:66484)    at http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:20215From previous event:    at O.F [as _captureStackTrace] (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:33566)    at O._then (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:59226)    at O.then (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:76:57582)    at v.i.then (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:211:11348)    at t.value (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:14:33062)    at http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:14:29363    at exports.default (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:14:29380)    at f.testGrok (http://IP_ADDRESS:9000/assets/builtins.8f8a24a8d49ce905d0ae.js:60:88883)    at http://IP_ADDRESS:9000/assets/app.8f8a24a8d49ce905d0ae.js:82:806724    at Object.p (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:1049)    at b (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:1192)    at http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:1338    at T (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:1424)    at k (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:1873)    at A (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:1685)    at Y (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:2033)    at En (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:31030)    at Hn (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:31628)    at exports.unstable_runWithPriority (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:42:3998)    at fi (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:41500)    at Ws (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:79886)    at jn (http://IP_ADDRESS:9000/assets/vendor.5452e7a2fdfb6282da0a.js:18:31313)
a @ droppable.js:1

DevTools failed to load SourceMap: Could not load content for http://IP_ADDRESS:9000/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.3ac48f33775d03d4bd8f.js.map: HTTP error: status code 500, net::ERR_HTTP_RESPONSE_CODE_FAILURE

Many thank for your help

you should update at least to the latest bug fix release in your branch version - to help you even more it would be good to know WHAT pattern you have tried to save.

Hi Jan,

Many thank for your response, I think I found the reason of this problem.
It seems that this server had jar plugin on different versions:

-rw-r–r–. 1 root root 18031262 10 jun 20:55 graylog-plugin-aws-3.2.6.jar
-rw-r–r–. 1 root root 4512301 10 jun 20:55 graylog-plugin-collector-3.2.6.jar
-rw-r–r–. 1 root root 25876387 10 jun 20:55 graylog-plugin-enterprise-3.2.6.jar
-rw-r–r–. 1 root root 6977321 10 jun 20:56 graylog-plugin-enterprise-integrations-3.2.6.jar
-rw-r–r–. 1 root root 29970121 10 jun 20:55 graylog-plugin-integrations-3.2.6.jar
-rw-r–r–. 1 root root 6025823 10 jun 20:55 graylog-plugin-threatintel-3.2.6.jar

I think this server need to be reinstalled in order to work correctly

Other point, to answer your question, I received this kind of error for every Pattern tested

example:
%{GREEDYDATA:test}

Kind regards

yes, you need to have the same plugin version as your server that everything work correctly.

Hello Jan,

Ok I solved this problem, for that, I only update my actual graylog installation with the following command:

sudo yum update && sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

Again many thanks for help

Kind regards

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.