[LOGSTASH-1848] grok filter for heroku not working as expected - logstash.jira.com

Details

Type: Bug/Feature
Status: Resolved (View workflow)
Resolution: Fixed
Affects Version/s: 1.3.3
Fix Version/s: 1.3.3
Labels:
- filter
- grok
- heroku

Description

I have started using heroku input that uses grok filter and have tested that the following filter works at http://grokdebug.herokuapp.com/

{TIMESTAMP_ISO8601:timestamp}

{WORD:component}

{WORD:process}

(?:\.%

{INT:instance:int}

)?]: %

{DATA:message}

for

2014-01-30T21:54:15.450954+00:00 heroku[router]: at=info method=GET path=/socket.io/1/xhr-polling/wCeckZz8Ln5gUt888M35?t=1391118843246 host=redfly.redstar.com request_id=fa219f8b-9768-4a2c-9fe6-c7d6bf1a0969 fwd="70.88.199.13" dyno=web.1 connect=2ms service=10016ms status=200 bytes=3

grok debug outputs the following as message:

"at=info method=GET path=/socket.io/1/xhr-polling/wCeckZz8Ln5gUt888M35?t=1391118843246 host=redfly.redstar.com request_id=fa219f8b-9768-4a2c-9fe6-c7d6bf1a0969 fwd=\"70.88.199.13\" dyno=web.1 connect=2ms service=10016ms status=200 bytes=3"

However, when I see it in Kibana (attached image), I see that the message contains timestamp and other parts of the log entry instead of filtering just the "at=info method=GET <etc>"

I think it's a bug.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screen Shot 2014-01-30 at 5.00.01 PM.png
84 kB
30/Jan/14 4:10 PM

Activity

People

Assignee:

Logstash Developers (Inactive)

Reporter:

Kwan Lee

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

30/Jan/14 4:10 PM

Updated:

30/Jan/14 4:13 PM

Resolved:

30/Jan/14 4:13 PM