I was trying to use the coalesce alter filter after the NAGIOSLOGLINE pattern to convert one of the three std messages back to message. And about 3/10 times the filter would fail to match on identical logs. The following would lead to "temp" being the correct string 7/10 times and the other 3 would be "Failed" when using the exact same initial message. I switched to using a conditional if with "mutate { rename" to get the desired results for now.
grok {
  patterns_dir => "/etc/logstash/patterns"
  match => [ "message", "%{NAGIOSLOGLINE}" ]
  overwrite => [ "message" ]
  tag_on_failure => [ "Initial Nagios Match Failed" ]
}
alter {
  coalesce => [ "temp", "%{nagios_check_result}", "%{nagios_comment}", "%{nagios_message}", "Failed" ]
}
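One way the conditional workaround mentioned in the report can be written, as an added example that is not the reporter's actual configuration. It assumes the same three field names and the "temp" target used in the coalesce call, and keeps the same priority order and "Failed" fallback.

```logstash
filter {
  # Pick the first field that exists on the event, in the same
  # priority order as the coalesce list, and move it to "temp".
  if [nagios_check_result] {
    mutate {
      rename => { "nagios_check_result" => "temp" }
    }
  } else if [nagios_comment] {
    mutate {
      rename => { "nagios_comment" => "temp" }
    }
  } else if [nagios_message] {
    mutate {
      rename => { "nagios_message" => "temp" }
    }
  } else {
    # None of the three fields was extracted by grok:
    # same fallback value as the last coalesce argument.
    mutate {
      add_field => { "temp" => "Failed" }
    }
  }
}
```

Unlike coalesce, rename removes the source field from the event, so downstream filters and outputs see only "temp".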