But I can't get the parser?

On 2020/02/27 12:13:35, Otto Fowler <[email protected]> wrote:
> Parsing this message works with the Syslog3164Parser. Maybe you could
> use that.
>
> On February 27, 2020 at 02:03:50, updates on tube ([email protected])
> wrote:
>
> > ############# I really appreciate your quick responses.. please tell us the
> > valid grok patterns for such kind of log ####################
> >
> > # this is my parser configuration
> > {
> >   "parserClassName": "org.apache.metron.parsers.GrokParser",
> >   "sensorTopic": "linuxsyslog",
> >   "parserConfig": {
> >     "grokPath": "/apps/metron/patterns/linuxsyslog",
> >     "patternLabel": "SYSLOGBASE2",
> >     "timestampField": "timestamp"
> >   },
> >   "fieldTransformations": [
> >     {
> >       "transformation": "STELLAR",
> >       "output": [ "full_hostname", "domain_without_subdomains" ],
> >       "config": {
> >         "full_hostname": "URL_TO_HOST(url)",
> >         "domain_without_subdomains": "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)"
> >       }
> >     }
> >   ]
> > }
> >
> > # this is my grok pattern
> > (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}
> >
> > # this is the sample log that causes the error
> > Feb 16 08:00:23 myhostname NetworkManager[1686]: <info> [1581858023.4306] dhcp4 (eth0): address xxx.xxx.xxx.xxx
> > Feb 16 08:00:23 myhostname dhclient[1710]: DHCPREQUEST on eth0 to xxx.xxx.xxx.xxx port 67 (xid=0x170e0b99)
> >
> > # this is the error message found in kibana
> > Syntax error @ 1:0 no viable alternative at input 'F'
> >
> > # detail error found in kibana shows as follows
> > com.github.palindromicity.syslog.dsl.ParseException: Syntax error @ 1:0 no viable alternative at input 'F'
> >     at com.github.palindromicity.syslog.dsl.DefaultErrorListener.syntaxError(DefaultErrorListener.java:33)
> >     at org.antlr.v4.runtime.ProxyErrorListener.syntaxError(ProxyErrorListener.java:65)
> >     at org.antlr.v4.runtime.Parser.notifyErrorListeners(Parser.java:558)
> >     at org.antlr.v4.runtime.DefaultErrorStrategy.reportNoViableAlternative(DefaultErrorStrategy.java:310)
> >     at org.antlr.v4.runtime.DefaultErrorStrategy.reportError(DefaultErrorStrategy.java:147)
> >     at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:412)
> >     at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.syslog_msg(Rfc5424Parser.java:273)
> >     at com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLine(Rfc5424SyslogParser.java:66)
> >     at com.github.palindromicity.syslog.AbstractSyslogParser.lambda$parseLines$0(AbstractSyslogParser.java:144)
> >     at java.util.ArrayList.forEach(ArrayList.java:1249)
> >     at com.github.palindromicity.syslog.AbstractSyslogParser.parseLines(AbstractSyslogParser.java:142)
> >     at org.apache.metron.parsers.syslog.BaseSyslogParser.parseOptionalResult(BaseSyslogParser.java:116)
> >     at org.apache.metron.parsers.ParserRunnerImpl.execute(ParserRunnerImpl.java:144)
> >     at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:257)
> >     at org.apache.storm.daemon.executor$fn__10195$tuple_action_fn__10197.invoke(executor.clj:735)
> >     at org.apache.storm.daemon.executor$mk_task_receiver$fn__10114.invoke(executor.clj:466)
> >     at org.apache.storm.disruptor$clojure_handler$reify__4137.onEvent(disruptor.clj:40)
> >     at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:472)
> >     at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:451)
> >     at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
> >     at org.apache.storm.daemon.executor$fn__10195$fn__10208$fn__10263.invoke(executor.clj:855)
> >     at org.apache.storm.util$async_loop$fn__1221.invoke(util.clj:484)
> >     at clojure.lang.AFn.run(AFn.java:22)
> >     at java.lang.Thread.run(Thread.java:745)
> > Caused by: org.antlr.v4.runtime.NoViableAltException
> >     at org.antlr.v4.runtime.atn.ParserATNSimulator.noViableAlt(ParserATNSimulator.java:1894)
> >     at org.antlr.v4.runtime.atn.ParserATNSimulator.execATN(ParserATNSimulator.java:498)
> >     at org.antlr.v4.runtime.atn.ParserATNSimulator.adaptivePredict(ParserATNSimulator.java:424)
> >     at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:373)
> >     ... 18 more
> >
> > On 2020/02/24 19:31:36, Michael Miklavcic <[email protected]> wrote:
> > > That's how we route errors. Looks like the syslog parser had trouble with
> > > one of your syslog messages
> > >
> > > On Mon, Feb 24, 2020, 5:41 AM updates on tube <[email protected]> wrote:
> > >
> > > > I get such error on kibana dashboard no error in storm
> > > > com.github.palindromicity.syslog.dsl.ParseException: Syntax error @ 1:0 no viable alternative at input 'F'
> > > >     at com.github.palindromicity.syslog.dsl.DefaultErrorListener.syntaxError(DefaultErrorListener.java:33)
> > > >     at org.antlr.v4.runtime.ProxyErrorListener.syntaxError(ProxyErrorListener.java:65)
> > > >     at org.antlr.v4.runtime.Parser.notifyErrorListeners(Parser.java:558)
> > > >     at org.antlr.v4.runtime.DefaultErrorStrategy.reportNoViableAlternative(DefaultErrorStrategy.java:310)
> > > >     at org.antlr.v4.runtime.DefaultErrorStrategy.reportError(DefaultErrorStrategy.java:147)
> > > >     at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:412)
> > > >     at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.syslog_msg(Rfc5424Parser.java:273)
> > > >     at com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLine(Rfc5424SyslogParser.java:66)
> > > >     at com.github.palindromicity.syslog.AbstractSyslogParser.lambda$parseLines$0(AbstractSyslogParser.java:144)
> > > >     at java.util.ArrayList.forEach(ArrayList.java:1249)
> > > >     at com.github.palindromicity.syslog.AbstractSyslogParser.parseLines(AbstractSyslogParser.java:142)
> > > >     at org.apache.metron.parsers.syslog.BaseSyslogParser.parseOptionalResult(BaseSyslogParser.java:116)
> > > >     at org.apache.metron.parsers.ParserRunnerImpl.execute(ParserRunnerImpl.java:144)
> > > >     at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:257)
> > > >     at org.apache.storm.daemon.executor$fn__10195$tuple_action_fn__10197.invoke(executor.clj:735)
> > > >     at org.apache.storm.daemon.executor$mk_task_receiver$fn__10114.invoke(executor.clj:466)
> > > >     at org.apache.storm.disruptor$clojure_handler$reify__4137.onEvent(disruptor.clj:40)
> > > >     at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:472)
> > > >     at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:451)
> > > >     at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
> > > >     at org.apache.storm.daemon.executor$fn__10195$fn__10208$fn__10263.invoke(executor.clj:855)
> > > >     at org.apache.storm.util$async_loop$fn__1221.invoke(util.clj:484)
> > > >     at clojure.lang.AFn.run(AFn.java:22)
> > > >     at java.lang.Thread.run(Thread.java:745)
> > > > Caused by: org.antlr.v4.runtime.NoViableAltException
> > > >     at org.antlr.v4.runtime.atn.ParserATNSimulator.noViableAlt(ParserATNSimulator.java:1894)
> > > >     at org.antlr.v4.runtime.atn.ParserATNSimulator.execATN(ParserATNSimulator.java:498)
> > > >     at org.antlr.v4.runtime.atn.ParserATNSimulator.adaptivePredict(ParserATNSimulator.java:424)
> > > >     at com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:373)
> > > >     ... 18 more
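
Added example, not part of any message in this thread and not Metron or simple-syslog code: the trace comes from an RFC 5424 grammar, which expects every line to open with "<PRI>VERSION ", while the posted lines are BSD-style (RFC 3164) and open with the month name, so parsing stops at column 0 on 'F'. The regexes, function names and the RFC 5424 contrast line are assumptions made for this illustration.

```python
import re

# An RFC 5424 header must open with "<PRI>VERSION " (for example "<30>1 ").
RFC5424_STEPS = [r"<", r"\d{1,3}", r">", r"[1-9]\d{0,2}", r" "]

# RFC 3164 (BSD syslog): optional "<PRI>", then "Mmm dd hh:mm:ss host tag[pid]: msg".
RFC3164 = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<timestamp>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

# The two sample lines posted in the thread.
THREAD_LINES = [
    "Feb 16 08:00:23 myhostname NetworkManager[1686]: <info> "
    "[1581858023.4306] dhcp4 (eth0): address xxx.xxx.xxx.xxx",
    "Feb 16 08:00:23 myhostname dhclient[1710]: DHCPREQUEST on eth0 to "
    "xxx.xxx.xxx.xxx port 67 (xid=0x170e0b99)",
]
# Constructed RFC 5424 line for contrast (not from the thread).
CONSTRUCTED_5424 = ("<30>1 2020-02-16T08:00:23Z myhostname dhclient 1710 - - "
                    "DHCPREQUEST on eth0")


def rfc5424_reject_point(line):
    """Return (column, char) where the RFC 5424 header stops matching, else None."""
    pos = 0
    for step in RFC5424_STEPS:
        m = re.compile(step).match(line, pos)
        if m is None:
            return pos, line[pos:pos + 1]
        pos = m.end()
    return None


def parse_3164(line):
    """Return the BSD syslog fields as a dict, or None if the line does not fit."""
    m = RFC3164.match(line)
    return m.groupdict() if m else None


def classify(line):
    """Pick the syslog framing so the line can be routed to the matching parser."""
    if rfc5424_reject_point(line) is None:
        return "rfc5424"
    return "rfc3164" if parse_3164(line) else "unknown"


if __name__ == "__main__":
    for line in THREAD_LINES + [CONSTRUCTED_5424]:
        print(classify(line), rfc5424_reject_point(line), line[:40])
```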
