Logstash grok for apache error logs does not work as expected

Description

When using the following configuration file and logs, apache-access works fine, but apache-error gives an error with the tag "_grokparsefailure"

Activity

Show:
Jordan Sissel
August 21, 2012, 7:19 AM
Edited

The timestamp in your log '[Mon Feb 06 12:17:31 2012]' does not match the grok pattern you gave,

HTTPDATE pattern matches the form 'day/month/year:hour:minute:second tzoffset'

Jordan Sissel
August 21, 2012, 7:21 AM

Closing, but if you need more help getting specific grok patterns to work, I'm happy to help. IRC, mailing list, or this ticket forum are fine with me.

If you're still having issues, feel free to reopen.

For what it's worth, I know working with grok is confusing sometimes, so I'm working on tools to help make using grok and debugging failures easier.

Assignee

Jordan Sissel

Reporter

Ryan Gooler

Labels

None

Affects versions

Configure