Can you provide an example of a syslog line that fails?  Clean of personal
data of course.
Also what is your parser configuration?

On February 25, 2020 at 01:05:00, updates on tube (abrahamfik...@gmail.com)
wrote:



On 2020/02/24 19:31:36, Michael Miklavcic <michael.miklav...@gmail.com> wrote:
> That's how we route errors. Looks like the syslog parser had trouble with
> one of your syslog messages
>
> On Mon, Feb 24, 2020, 5:41 AM updates on tube <abrahamfik...@gmail.com>
> wrote:
>
> > I get such error on Kibana dashboard, no error in Storm
> > com.github.palindromicity.syslog.dsl.ParseException: Syntax error @ 1:0 no viable alternative at input 'F'
> > at com.github.palindromicity.syslog.dsl.DefaultErrorListener.syntaxError(DefaultErrorListener.java:33)
> > at org.antlr.v4.runtime.ProxyErrorListener.syntaxError(ProxyErrorListener.java:65)
> > at org.antlr.v4.runtime.Parser.notifyErrorListeners(Parser.java:558)
> > at org.antlr.v4.runtime.DefaultErrorStrategy.reportNoViableAlternative(DefaultErrorStrategy.java:310)
> > at org.antlr.v4.runtime.DefaultErrorStrategy.reportError(DefaultErrorStrategy.java:147)
> > at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:412)
> > at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.syslog_msg(Rfc5424Parser.java:273)
> > at com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLine(Rfc5424SyslogParser.java:66)
> > at com.github.palindromicity.syslog.AbstractSyslogParser.lambda$parseLines$0(AbstractSyslogParser.java:144)
> > at java.util.ArrayList.forEach(ArrayList.java:1249)
> > at com.github.palindromicity.syslog.AbstractSyslogParser.parseLines(AbstractSyslogParser.java:142)
> > at org.apache.metron.parsers.syslog.BaseSyslogParser.parseOptionalResult(BaseSyslogParser.java:116)
> > at org.apache.metron.parsers.ParserRunnerImpl.execute(ParserRunnerImpl.java:144)
> > at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:257)
> > at org.apache.storm.daemon.executor$fn__10195$tuple_action_fn__10197.invoke(executor.clj:735)
> > at org.apache.storm.daemon.executor$mk_task_receiver$fn__10114.invoke(executor.clj:466)
> > at org.apache.storm.disruptor$clojure_handler$reify__4137.onEvent(disruptor.clj:40)
> > at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:472)
> > at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:451)
> > at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
> > at org.apache.storm.daemon.executor$fn__10195$fn__10208$fn__10263.invoke(executor.clj:855)
> > at org.apache.storm.util$async_loop$fn__1221.invoke(util.clj:484)
> > at clojure.lang.AFn.run(AFn.java:22)
> > at java.lang.Thread.run(Thread.java:745)
> > Caused by: org.antlr.v4.runtime.NoViableAltException
> > at org.antlr.v4.runtime.atn.ParserATNSimulator.noViableAlt(ParserATNSimulator.java:1894)
> > at org.antlr.v4.runtime.atn.ParserATNSimulator.execATN(ParserATNSimulator.java:498)
> > at org.antlr.v4.runtime.atn.ParserATNSimulator.adaptivePredict(ParserATNSimulator.java:424)
> > at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:373)
> > ... 18 more

Okay, so my log file looks like this, found in /var/log/messages, CentOS 7:

Feb 25 00:54:55 master3 dbus[1615]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Feb 25 00:54:55 master3 systemd: Started Network Manager Script Dispatcher Service.
Feb 25 00:54:55 master3 nm-dispatcher: req:1 'dhcp4-change' [eth0]: new request (5 scripts)
Feb 25 00:54:55 master3 nm-dispatcher: req:1 'dhcp4-change' [eth0]: start running ordered scripts...
Feb 25 00:55:23 master3 su: (to root) root on none
Feb 25 00:55:23 master3 systemd: Started Session c212834 of user root.
Feb 25 00:55:28 master3 su: (to kibana) root on none
Feb 25 00:55:28 master3 systemd: Created slice User Slice of kibana.
Feb 25 00:55:28 master3 systemd: Started Session c212835 of user kibana.
Feb 25 00:55:28 master3 /etc/init.d/kibana: kibana is running
Feb 25 00:55:28 master3 systemd: Removed slice User Slice of kibana.
Feb 25 00:55:39 master3 su: (to metron) root on none

and I use the parser as follows, which works in http://grokdebug.herokuapp.com/
but not in Metron:


(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}

What should I do??
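
Added example, not part of the original thread and not Metron or palindromicity code: a pre-flight check that sorts sample lines by whether they begin with an RFC 5424 header (`<PRI>VERSION TIMESTAMP HOSTNAME ...`) or a BSD-style timestamp, and records the first character of each line, which for the non-5424 lines is the position (1:0) the exception above reports. The regexes and the names `classify`, `triage` and `SAMPLE` are assumptions for illustration; the first three sample lines are taken from the message above and the last two are constructed.

```python
import re

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"

# RFC 5424 header start: "<PRI>VERSION SP TIMESTAMP SP HOSTNAME SP ..."
RFC5424_START = re.compile(
    r"^<\d{1,3}>[1-9]\d{0,2} "
    r"(?:-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"\S+ "
)
# BSD-style (RFC 3164) start; <PRI> is optional because files on disk
# such as /var/log/messages are normally written without it.
BSD_START = re.compile(
    r"^(?:<\d{1,3}>)?(?:" + MONTHS + r") [ \d]\d \d{2}:\d{2}:\d{2} "
    r"\S+ [^\s:\[]+(?:\[\d+\])?: "
)

def classify(line):
    """Return 'rfc5424', 'bsd' or 'unknown' for one syslog line."""
    if RFC5424_START.match(line):
        return "rfc5424"
    if BSD_START.match(line):
        return "bsd"
    return "unknown"

def triage(lines):
    """Group (line number, first character) pairs by detected format.
    For non-5424 lines the first character is where an RFC 5424
    grammar stops, i.e. line 1, column 0 of that message."""
    report = {"rfc5424": [], "bsd": [], "unknown": []}
    for number, line in enumerate(lines, 1):
        report[classify(line)].append((number, line[:1]))
    return report

SAMPLE = [
    # taken from the /var/log/messages excerpt in the thread
    "Feb 25 00:54:55 master3 dbus[1615]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'",
    "Feb 25 00:55:23 master3 su: (to root) root on none",
    "Feb 25 00:55:28 master3 /etc/init.d/kibana: kibana is running",
    # constructed: the same su event written with an RFC 5424 header
    "<13>1 2020-02-25T00:55:23Z master3 su - - - (to root) root on none",
    # constructed: a continuation line that matches neither format
    "    at java.lang.Thread.run(Thread.java:745)",
]

if __name__ == "__main__":
    for fmt, hits in triage(SAMPLE).items():
        print(fmt, hits)
```
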
