Hi Team,
I was following the below guide to test filters:
https://assets.nagios.com/downloads/nag ... ilters.pdf
But getting a _grokparsefailure in the tag of log data even after following guide from point to point.
Kindly provide your valuable inputs into it.
Thanks in advance.
Getting a _grokparsefailure tag in log data
-
DhananjayaPatil
- Posts: 11
- Joined: Fri Oct 22, 2021 8:06 am
Re: Getting a _grokparsefailure tag in log data
Hi DhananjayaPatil ,
Can you please provide me with the expression that is getting the grokparsefailure error?
Thanks!
Can you please provide me with the expression that is getting the grokparsefailure error?
Thanks!
-
DhananjayaPatil
- Posts: 11
- Joined: Fri Oct 22, 2021 8:06 am
Re: Getting a _grokparsefailure tag in log data
Hi gsmith,
Heres the filter called TestFilter which I have used.
if [program] == 'LinuxFilterTest' {
grok {
match => [ 'message', '%{WORD:first_word} %{WORD:second_word} %
{GREEDYDATA:everything_else}' ]
}
}
As you can see, its exactly same as the one provided in the documentation.
Let me know what else I can try for it to get working.
Thanks
Heres the filter called TestFilter which I have used.
if [program] == 'LinuxFilterTest' {
grok {
match => [ 'message', '%{WORD:first_word} %{WORD:second_word} %
{GREEDYDATA:everything_else}' ]
}
}
As you can see, its exactly same as the one provided in the documentation.
Let me know what else I can try for it to get working.
Thanks
Re: Getting a _grokparsefailure tag in log data
Hi,
Please go to Configure, Global Config. Then expand the Input and Filter for File Test as shown:
Send me a screenshot of what you have.
Also, on the Nagios Log Server, from a command line please run:
and send me the output.
Thanks
Please go to Configure, Global Config. Then expand the Input and Filter for File Test as shown:
Send me a screenshot of what you have.
Also, on the Nagios Log Server, from a command line please run:
Code: Select all
ls -l /tmp/test.logThanks
You do not have the required permissions to view the files attached to this post.