2

I have a fluentd forwarder which gives following error:

2018-02-08 13:07:05 +0000 [warn]: pattern not match: "192.168.6.121 - - [08/Feb/2018:18:37:05 +0530] \"POST /shorten HTTP/1.1\" 200 496 \"-\" \"-\" 6"

Following is the content of source block in td-agent.conf file 

<source>
  @type tail
  path /var/log/xyz.log
  pos_file /var/log/td-agent/xyz.log.pos
  tag xyz.url
  format  /(?<host>[\S]) \[(?<timestamp>.+)\] "(?<method>[\S]+) (?<path>[\S]+) (?<http>[\S]+)" (?<respcode>[\S]+) (?<resptime>[\S]) "(?<un1>[\S])" "(?<agent>.+)" (?<un2>[\S])/
</source>

I have checked the regex by taking a sample log file on https://www.debuggex.com/

Do I really have to provide a regex? Can't I just tell fluentd to take complete log line as a raw message?

Any help would be appreciated.

drishti ahuja
  • 1,379
  • 2
  • 15
  • 26

1 Answers1

1

Basically, it is not an error, but only a warning and with that warning you can not be able use filter section or may be forwarder which you are trying to use. For more information about resolving this pattern not match warning, you can see the answer that has been already given. https://stackoverflow.com/a/53369449/7486447

ARKhan
  • 1,724
  • 22
  • 30