IPv6 addresses can't be parsed with grok's %{IPORHOST} #1973
Assignees
Labels
bug
unexpected problem or unintended behavior
Comments
|
the grok library that we use to parse patterns appears to have an issue with the IPORHOST pattern. I'm not sure why exactly, but might have something to do with the number of levels of that particular pattern (see vjeantet/grok#17) I'll have a fix for the CLF pattern up shortly, though I'll leave this case open because using IPORHOST (and probably other valid grok patterns) is still broken. |
sparrc
added a commit
that referenced
this issue
Dec 20, 2016
deals partially with #1973 see also vjeantet/grok#17
3 tasks
njwhite
pushed a commit
to njwhite/telegraf
that referenced
this issue
Jan 31, 2017
deals partially with influxdata#1973 see also vjeantet/grok#17
|
pushing this out because it's dependent on vjeantet/grok#17 |
maxunt
pushed a commit
that referenced
this issue
Jun 26, 2018
deals partially with #1973 see also vjeantet/grok#17
|
grok %{COMBINED_LOG_FORMAT} as well as %{IPORHOST} work as they should. %{IPORHOST} also now supports IPV6 addresses |
|
a functional test case can be found for working IPV6 addresses in telegraf/plugins/inputs/logparser/grok/grok_test.go on line 123 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The default %{COMBINED_LOG_FORMAT} can't understand even simple IPv6 addresses:
2001:0db8:85a3:0000:0000:8a2e:0370:7334with%{IPORHOST}becomes:"IPORHOST": [ "2001" ]But if we use the definition from Logstash's patters
IPORHOST (?:%{IP}|%{HOSTNAME})it can match the whole IPv6 address.Furthermore with the definition above it still can't match IPv4-compatible addresses, like
::ffff:192.0.2.128, but that can be solved by replacing "listen [::]:80 ipv6only=off;" with "listen 80; listen [::]:80 ipv6only=on;" at nginx's server config.Telegraf - version 1.0.1
The text was updated successfully, but these errors were encountered: