poorejc commented on issue #243:
URL:
https://github.com/apache/incubator-flagon-useralejs/issues/243#issuecomment-1107691833
Update:
This might be a `grokparsefailure` on tags that we add to logs with `grok`
in logstash.conf.
We parse the semantic version string of `useraleVersion` and `toolVersion`
and add additional fields. However, it looks like only `useraleVersion` is
being correctly parsed (I honestly can't remember why we're parsing
this)--you'll see these fields in LogStash as `minor_version`,
`patch_version`... and so forth. There should also be a `tool_minor_version`
and `tool_patch_version`... not so. I see `grokparsefailure` messages. It could
be the 3 `null` entries are failed tags. Note that they fall outside of the log
payload braces...
It could be other tags that LogStash adds by default for ELK indexing that
`grok` filters are being applied to. Here's a message I see, for example:
```
{
"tags" => [
[0] "_grokparsefailure"
],
"@timestamp" => 2022-04-24T02:07:34.612Z,
"port" => ,
"host" => "gateway"
}
```
We also `mutate` logs to remove headers, for example. However, these
wouldn't be a part of the `message` payload. Not sure if that would result in
the message you're seeing...
This is my best guess at this point without more information about how that
log was generated (at exactly which stage in the pipeline you're looking), and
what the consequences of the parsing failure are (dropped log, dropped field,
etc.).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.