fluent-plugin-grok-parser

Fluentd's Grok parser

Results 12 fluent-plugin-grok-parser issues

Hello Everyone! I would like some feedback on an issue I've observed with syslog tags exceeding 32 characters. The syslog RFC defines a "TAG" in the syslog message (typically program...

Hi, I have a log file which has logs like below ------------------------------------------------------------------------------- ----------- SCAN SUMMARY ----------- Known viruses: 368701 Engine version: 0.103.3 Scanned directories: 8103 Scanned files: 79957 Infected files:...

https://github.com/fluent/fluent-plugin-grok-parser/blob/master/patterns/bind#L3 is missing a hex matcher after `client`. It should be

```
BIND9 %{BIND9_TIMESTAMP:timestamp} queries: %{LOGLEVEL:loglevel}: client(:? @0x(?:[0-9A-Fa-f]+))? %{IP:clientip}#%{POSINT:clientport} \(%{GREEDYDATA:query}\): query: %{GREEDYDATA:query} IN %{GREEDYDATA:querytype} \(%{IP:dns}\)
```

according to https://github.com/logstash-plugins/logstash-patterns-core/blob/main/patterns/legacy/bind

The pattern ELB_ACCESS_LOG sometimes does not match because of this: The status code of the response from the target. This value is recorded only if a connection was established to the...

Hello, Fluentd version: 1.13.3 Grok parser plugin version: 2.0.1 I'm currently experiencing an issue when using the grok parser, where I receive an error during Fluentd startup: ```log fluentd[24300]: /var/lib/gems/2.5.0/gems/fluent-plugin-grok-parser-2.0.1/lib/fluent/plugin/parser_grok.rb:17:in...

Hi all, I want to use a k8s annotation as my grok value, I have tried the following: ``` @type parser enable_ruby key_name log @type grok grok_pattern ${record["kubernetes"]["annotations"]["fluentd.grok"]} ``` Annotation:...

I am using the grok_pattern below for parsing Nginx logs ``` @type tail path /data/nginxlogs/access.log pos_file /var/log/td-agent/nginx-access.log.pos tag es.nginx.acces @type multiline_grok pattern Started %{IPORHOST:client_ip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] \"%{WORD:method} %{NOTSPACE:request_page} HTTP/%{NUMBER:http_version}\" %{NUMBER:server_response}...

Hi, I have a question rather than an issue. Does the fluent-plugin-grok-parser support multi-line and multi-format? I am tailing multiple log4j2 log files. Each of them may have a different...

Signed-off-by: Anton Patsev

pending