Grok filter fails

Description

Hi,

I'm trying to setup logstash and make it parsing custom nginx error logs. It worked fine with grep pattern:

grep {
type => "nginx-error"
match => ["@message", "PHP Fatal error"]
add_tag => "phpfatalerror"
}

But when I switched to grok - it stopped to work, logstash keeps silence as to what is going wrong:

input {
tcp {
type => "nginx-error"
port => 5401
}
}

filter {
grok {
type => "nginx-error"
pattern => "%{TIME:time} [error] [0-9]#[0-9]: *[0-9]+ FastCGI sent in stderr: %{QS:message} while reading response header from upstream, client: %{IP:clientip}, server: _, request: %{QS:request}, upstream: %{QS:upstream}, host: %{QS:tenantdomain}"
}
}

output {
elasticsearch { embedded => true }
}

Example record:

00:03:11 [error] 5796#0: *106831702 FastCGI sent in stderr: "PHP message: PHP Fatal error: Procedure 'procedureName' not present in /full/linux/path on line 830" while reading response header from upstream, client: ip-addr, server: _, request: "POST //index HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "domain.com"

Activity

Show:
Eugene Taranov
January 22, 2013, 6:20 PM

sorry, infrastructure related issue

Assignee

Logstash Developers

Reporter

Eugene Taranov

Labels

Affects versions

Configure