here is the example log of my server:
2023-07-14 16:33:58.464 [traceId:] [http-nio-9013-exec-10] INFO com.tlx.usercenter.socket.service.WebSocketServer - websocket disconnect!
i use follow grok format:
grok {
match => { "message" => "(?<logTime>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}.\d{3})\s+\[(? <traceId>\S*)\]\s+\[(?<thread>.*)\]\s+(?<level>\w*)\s+(?<class>\S*)\s+\-\s+(?<content>.*)" }
}
and logstash's log is following:
{
"tags" => [
[0] "multiline",
[1] "_grokparsefailure"
],
"level" => "INFO",
"message" => "【websocket服务端】连接断开,总数为:1",
"applicationName" => "log-user-center",
"port" => 38058,
"thread_name" => "http-nio-9013-exec-10",
"logger_name" => "com.tlx.usercenter.socket.service.WebSocketServer",
"@timestamp" => 2023-07-14T08:33:58.464Z,
"host" => "gateway"
}
i dont know why tips "_grokparsefailure", i already use grok debugger test it and no problem,but i can not get the result which i want,there is no "content" property in logstash log
l want get the correct result which has property like "content"..etc
