Unable to parse logs (_grokparsefailure). #50
Comments
|
This output line is not supported: Do you have verbose logging enabled, or where does this come from? |
|
can you mention any wayout for this. |
|
Actually, after re-reading your question, I don't know. The error indicated by logstash has something to do with lumberjack, which I don't use (and has no relation with this project). If you think that the problem is related to the patterns in this project, then please post a complete error message copy/pasted from kibana that describes an error while parsing a postfix input line. |
|
I tried to parse logs using grok debugger with the patterns listed, but was unable to get any output. |
|
You said you had error messages in kibana. Please show them, there is no way to help you otherwise. |
Hi,
I am using dbmail and while shiping /var/log/mail.log, logstash isn't able to parse the logs and in kibana it is showing [tags : _grokparsefailure]
Below is the snippet of my /var/log/mail.log
Apr 20 10:07:35 dbmail postfix/lmtp[29199]: master_notify: status 1
Apr 20 10:07:35 dbmail postfix/lmtp[29199]: connection closed
Apr 20 10:07:35 dbmail postfix/smtpd[29468]: disconnect from mail-la0-f50.google.com[192.168.215.50]
Apr 20 10:07:40 dbmail postfix/smtpd[28310]: connect from localhost[127.0.0.1]
Apr 20 10:07:40 dbmail postfix/smtpd[28310]: disconnect from localhost[127.0.0.1]
Below is the snippet of logstash log
{:timestamp=>"2015-04-20T06:05:24.332000-0400", :message=>"Exception in lumberjack input", :exception=>#<LogStash::ShutdownSignal: LogStash::ShutdownSignal>, :level=>:error}
The text was updated successfully, but these errors were encountered: