I've made a couple of custom filters before as you can see in my filters.conf that I have attached.
But this barracuda filter refuses to parse. I keep getting
_grokparsefailure.
If I try the filter with this line in stdin it works.
$ sudo /opt/logstash/bin/logstash -e 'filter{ grok{match => [ "message",
"%{BARRACUDAEVENT}" ] add_field => [ "type", "barracuda" ] }}'
<23>Dec 5 10:14:53 mgw04.hostname.se outbound/smtp: 127.0.0.1
1417770891-042aaf5c1b019a0001-sxfhsE 0 0 SEND - 1 39E612187BC 250 2.6.0
<[email protected]> [InternalId=3354846] Queued mail
for delivery #to#10.57.127.20
I have also attached the filter in question.
I get no errors in logstash logs indicating what could be wrong with my
filter so I hope the community can help me.
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/29cb9c60-ee17-42ae-8d9e-c5e5e71b67d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
filters.conf.j2
Description: Binary data
barracuda_mailfilter.grok
Description: Binary data
