This article shows you how to update the Logstash patterns on Nagios Log Server. This might resolve issues with logs not being parsed, which can lead to events being tagged _grokparsefailure.
Open an SSH session to a Nagios Log Server node.
Type:
cd /usr/local/nagioslogserver/logstash/bin
./plugin update logstash-patterns-core
This should give you output like:
Updating logstash-patterns-core
Updated logstash-patterns-core 0.1.10 to 0.4.0
You will need to perform this on all of your Nagios Log Server nodes.
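To apply the steps above to every node in one pass and confirm each node reports the version change, a wrapper like the following can be used. This is an added example, not part of the original article or of Nagios Log Server; it assumes the node hostnames are passed as arguments and that key-based SSH access to each node is already set up.

```shell
#!/bin/sh
# Added example: run the pattern update on each node and confirm the result.
# Node hostnames come from the command line (assumed, not from the article).

LOGSTASH_BIN=/usr/local/nagioslogserver/logstash/bin   # path from the article

# Read plugin output on stdin and print "OLD NEW" taken from the line
# "Updated logstash-patterns-core OLD to NEW". Returns 1 if no such line.
parse_update_result() {
    awk '$1 == "Updated" && $2 == "logstash-patterns-core" && $4 == "to" {
             print $3, $5; found = 1
         }
         END { exit (found ? 0 : 1) }'
}

# Run the update on one node over SSH and report what changed.
update_node() {
    node=$1
    if ! out=$(ssh -o BatchMode=yes "$node" \
            "cd $LOGSTASH_BIN && ./plugin update logstash-patterns-core" 2>&1); then
        echo "$node: FAILED (ssh or plugin error)"
        return 1
    fi
    if versions=$(printf '%s\n' "$out" | parse_update_result); then
        echo "$node: updated ${versions% *} -> ${versions#* }"
    else
        # No "Updated ..." line seen; the raw output needs a manual look.
        echo "$node: no version change reported; check output manually"
        return 1
    fi
}

# Update every node given; return non-zero if any node did not confirm.
update_all() {
    rc=0
    for node in "$@"; do
        update_node "$node" || rc=1
    done
    return $rc
}

# Only contact hosts when node names are supplied on the command line.
if [ "$#" -gt 0 ]; then
    update_all "$@"
fi
```

A non-zero exit status means at least one node either could not be reached or did not print the "Updated" line, so that node should be checked by hand.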
For any support related questions please visit the Nagios Support Forums at:
http://support.nagios.com/forum/
Article ID: 483
Created On: Wed, Mar 2, 2016 at 6:27 PM
Last Updated On: Wed, Mar 2, 2016 at 6:28 PM
Authored by: tlea
Online URL: https://support.nagios.com/kb/article/nagios-log-server-updating-logstash-patterns-483.html