Cannot be parsed using grok #91
Comments
good 👍
You can try this example: #80
@tengattack can you help to update grok README to avoid the kind of issue?
😊
@wang1219 The problem of your config is using a pattern. You could change it to

```diff
- %{NGUSER:remote_user}
+ %{USER:remote_user}
```

BTW, if you need faster grok parse speed (by using C code binding regexp library: Onigmo), you can compile gogstash from source code. A

```dockerfile
FROM golang:alpine
# version string passed with --build-arg, embedded into the binary below
ARG version
# build-base provides the C toolchain needed to compile Onigmo
RUN apk --update add --no-cache ca-certificates git tzdata build-base
# build onigmo
WORKDIR /src/build/
RUN git clone https://github.com/k-takata/Onigmo.git --depth=1 \
    && cd Onigmo && ./configure && make && make install
WORKDIR /go/src/github.com/tsaikd/gogstash
COPY . /go/src/github.com/tsaikd/gogstash
# point the grok filter import at tengattack/grok instead of vjeantet/grok, then fetch dependencies
RUN sed -i -e 's/github.com\/vjeantet\/grok/github.com\/tengattack\/grok/' /go/src/github.com/tsaikd/gogstash/filter/grok/filtergrok.go \
    && go get -d -v ./...
RUN go build -ldflags "-X main.Version=$version"
```
@tsaikd No problem.
@tengattack Very thanks.
The log cannot be parsed when I use the grok filter, but I can do it in the Grok Debugger, help
cat config.json
cat grok-patterns
Original log
Log Format
And Grok Debugger