Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

grok overwrite not working for empty strings #2590

Closed
Vad1mo opened this issue Feb 11, 2015 · 2 comments
Closed

grok overwrite not working for empty strings #2590

Vad1mo opened this issue Feb 11, 2015 · 2 comments
Labels
bug

Comments

@Vad1mo
Copy link

Vad1mo commented Feb 11, 2015

So when I have this input

input="<14>2015-02-11T17:49:29Z logspout dev_ziservice_1[1]: ASDF"

  grok {      
    match => ["message", "<%{NUMBER}>%{TIMESTAMP_ISO8601:syslogTimestamp} %{SYSLOGHOST} %{DATA:container_name}(?:\[%{POSINT}\])?:%{SPACE}%{GREEDYDATA:message}"]
    overwrite => [ "message" ]
  }

message is = ASDF

if I have this input="<14>2015-02-11T17:49:29Z logspout dev_ziservice_1[1]: "
or this="<14>2015-02-11T17:49:29Z logspout dev_ziservice_1[1]:"

The message is not " " or "" like displayed in http://grokdebug.herokuapp.com/
@suyograo suyograo added the bug label Feb 12, 2015
@harshamadala
Copy link

Is there any workaround for this?

@jsvd jsvd mentioned this issue Mar 11, 2016
Open
@jsvd
Copy link
Member

jsvd commented Mar 11, 2016

moved this issue to logstash-plugins/logstash-filter-grok#77

@jsvd jsvd closed this as completed Mar 11, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jsvd @Vad1mo @suyograo @harshamadala