poorejc commented on issue #243: URL: https://github.com/apache/incubator-flagon-useralejs/issues/243#issuecomment-1107691833
Update: This might be a `grokparsefailure` on tags that we add to logs with `grok` in logstash.conf. We parse the semantic version string of `useraleVersion` and `toolVersion` and add additional fields. However, it looks like only `useraleVersion` is being correctly parsed (I honestly can't remember why we're parsing this)--you'll see these fields in LogStash as `minor_version`, `patch_version`... and so forth. There should also be a `tool_minor_version` and `tool_patch_version`... not so. I see `grokparsefailure` messages. It could be the 3 `null` entries are failed tags. Note that they fall outside of the log payload braces... It could be other tags that LogStash adds by default for ELK indexing that `grok` filters are being applied to. Here's a message I see, for example: ``` { "tags" => [ [0] "_grokparsefailure" ], "@timestamp" => 2022-04-24T02:07:34.612Z, "port" => , "host" => "gateway" } ``` We also `mutate` logs to remove headers, for example. However, these wouldn't be a part of the `message` payload. Not sure if that would result in the message you're seeing... This is my best guess at this point without more information about how that log was generated (at exactly which stage in the pipeline you're looking), and what the consequences of the parsing failure is (dropped log, dropped field, etc.). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@flagon.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org