Page 1 of 1
Getting a _grokparsefailure tag in log data
Posted: Thu Nov 04, 2021 2:03 am
by DhananjayaPatil
Hi Team,
I was following the below guide to test filters:
https://assets.nagios.com/downloads/nag ... ilters.pdf
But getting a _grokparsefailure in the tag of log data even after following guide from point to point.
Kindly provide your valuable inputs into it.
Thanks in advance.
Re: Getting a _grokparsefailure tag in log data
Posted: Thu Nov 04, 2021 2:59 pm
by gsmith
Hi DhananjayaPatil ,
Can you please provide me with the expression that is getting the grokparsefailure error?
Thanks!
Re: Getting a _grokparsefailure tag in log data
Posted: Mon Nov 08, 2021 12:59 am
by DhananjayaPatil
Hi gsmith,
Heres the filter called TestFilter which I have used.
if [program] == 'LinuxFilterTest' {
grok {
match => [ 'message', '%{WORD:first_word} %{WORD:second_word} %
{GREEDYDATA:everything_else}' ]
}
}
As you can see, its exactly same as the one provided in the documentation.
Let me know what else I can try for it to get working.
Thanks
Re: Getting a _grokparsefailure tag in log data
Posted: Mon Nov 08, 2021 11:24 am
by gsmith
Hi,
Please go to Configure, Global Config. Then expand the Input and Filter for File Test as shown:
Image010.jpg
Send me a screenshot of what you have.
Also, on the Nagios Log Server, from a command line please run:
and send me the output.
Thanks