Skip to content

Instantly share code, notes, and snippets.

@philippkahr

philippkahr/debug.log Secret

Created March 24, 2021 08:11
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save philippkahr/f806f845f2fe2e30755523fa4de7b616 to your computer and use it in GitHub Desktop.
Save philippkahr/f806f845f2fe2e30755523fa4de7b616 to your computer and use it in GitHub Desktop.
Download ZIP
logstash datetime errors
Raw
debug.log
Using bundled JDK: /Users/philipp/Downloads/logstash-7.11.2/jdk.app/Contents/Home
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /Users/philipp/Downloads/logstash-7.11.2/logs which is now configured via log4j2.properties
[2021-03-24T09:08:24,283][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.11.2", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.8+10 on 11.0.8+10 +indy +jit [darwin-x86_64]"}
[2021-03-24T09:08:24,400][DEBUG][logstash.modules.scaffold] Found module {:module_name=>"netflow", :directory=>"/Users/philipp/Downloads/logstash-7.11.2/modules/netflow/configuration"}
[2021-03-24T09:08:24,404][DEBUG][logstash.plugins.registry] Adding plugin to the registry {:name=>"netflow", :type=>:modules, :class=>#<LogStash::Modules::Scaffold:0x605694dc @directory="/Users/philipp/Downloads/logstash-7.11.2/modules/netflow/configuration", @module_name="netflow", @kibana_version_parts=["6", "0", "0"]>}
[2021-03-24T09:08:24,407][DEBUG][logstash.modules.scaffold] Found module {:module_name=>"fb_apache", :directory=>"/Users/philipp/Downloads/logstash-7.11.2/modules/fb_apache/configuration"}
[2021-03-24T09:08:24,409][DEBUG][logstash.plugins.registry] Adding plugin to the registry {:name=>"fb_apache", :type=>:modules, :class=>#<LogStash::Modules::Scaffold:0x115e7c5e @directory="/Users/philipp/Downloads/logstash-7.11.2/modules/fb_apache/configuration", @module_name="fb_apache", @kibana_version_parts=["6", "0", "0"]>}
[2021-03-24T09:08:24,454][DEBUG][logstash.runner ] -------- Logstash Settings (* means modified) ---------
[2021-03-24T09:08:24,456][DEBUG][logstash.runner ] node.name: "TAG-499.local"
[2021-03-24T09:08:24,457][DEBUG][logstash.runner ] *path.config: "../config/logstash-sample.conf"
[2021-03-24T09:08:24,459][DEBUG][logstash.runner ] path.data: "/Users/philipp/Downloads/logstash-7.11.2/data"
[2021-03-24T09:08:24,460][DEBUG][logstash.runner ] modules.cli: <Java::OrgLogstashUtil::ModulesSettingArray:1 []>
[2021-03-24T09:08:24,461][DEBUG][logstash.runner ] modules: []
[2021-03-24T09:08:24,462][DEBUG][logstash.runner ] modules_list: []
[2021-03-24T09:08:24,466][DEBUG][logstash.runner ] modules_variable_list: []
[2021-03-24T09:08:24,467][DEBUG][logstash.runner ] modules_setup: false
[2021-03-24T09:08:24,469][DEBUG][logstash.runner ] config.test_and_exit: false
[2021-03-24T09:08:24,470][DEBUG][logstash.runner ] config.reload.automatic: false
[2021-03-24T09:08:24,471][DEBUG][logstash.runner ] config.reload.interval: #<Java::OrgLogstashUtil::TimeValue:0x1235d778>
[2021-03-24T09:08:24,472][DEBUG][logstash.runner ] config.support_escapes: false
[2021-03-24T09:08:24,473][DEBUG][logstash.runner ] config.field_reference.parser: "STRICT"
[2021-03-24T09:08:24,474][DEBUG][logstash.runner ] metric.collect: true
[2021-03-24T09:08:24,475][DEBUG][logstash.runner ] pipeline.id: "main"
[2021-03-24T09:08:24,476][DEBUG][logstash.runner ] pipeline.system: false
[2021-03-24T09:08:24,477][DEBUG][logstash.runner ] pipeline.workers: 12
[2021-03-24T09:08:24,478][DEBUG][logstash.runner ] pipeline.batch.size: 125
[2021-03-24T09:08:24,479][DEBUG][logstash.runner ] pipeline.batch.delay: 50
[2021-03-24T09:08:24,480][DEBUG][logstash.runner ] pipeline.unsafe_shutdown: false
[2021-03-24T09:08:24,481][DEBUG][logstash.runner ] pipeline.java_execution: true
[2021-03-24T09:08:24,482][DEBUG][logstash.runner ] pipeline.reloadable: true
[2021-03-24T09:08:24,483][DEBUG][logstash.runner ] pipeline.plugin_classloaders: false
[2021-03-24T09:08:24,484][DEBUG][logstash.runner ] pipeline.separate_logs: false
[2021-03-24T09:08:24,485][DEBUG][logstash.runner ] pipeline.ordered: "auto"
[2021-03-24T09:08:24,486][DEBUG][logstash.runner ] pipeline.ecs_compatibility: "disabled"
[2021-03-24T09:08:24,486][DEBUG][logstash.runner ] path.plugins: []
[2021-03-24T09:08:24,487][DEBUG][logstash.runner ] config.debug: false
[2021-03-24T09:08:24,488][DEBUG][logstash.runner ] *log.level: "debug" (default: "info")
[2021-03-24T09:08:24,489][DEBUG][logstash.runner ] version: false
[2021-03-24T09:08:24,490][DEBUG][logstash.runner ] help: false
[2021-03-24T09:08:24,491][DEBUG][logstash.runner ] log.format: "plain"
[2021-03-24T09:08:24,491][DEBUG][logstash.runner ] http.enabled: true
[2021-03-24T09:08:24,493][DEBUG][logstash.runner ] http.host: "127.0.0.1"
[2021-03-24T09:08:24,494][DEBUG][logstash.runner ] http.port: 9600..9700
[2021-03-24T09:08:24,494][DEBUG][logstash.runner ] http.environment: "production"
[2021-03-24T09:08:24,495][DEBUG][logstash.runner ] queue.type: "memory"
[2021-03-24T09:08:24,496][DEBUG][logstash.runner ] queue.drain: false
[2021-03-24T09:08:24,497][DEBUG][logstash.runner ] queue.page_capacity: 67108864
[2021-03-24T09:08:24,498][DEBUG][logstash.runner ] queue.max_bytes: 1073741824
[2021-03-24T09:08:24,498][DEBUG][logstash.runner ] queue.max_events: 0
[2021-03-24T09:08:24,499][DEBUG][logstash.runner ] queue.checkpoint.acks: 1024
[2021-03-24T09:08:24,500][DEBUG][logstash.runner ] queue.checkpoint.writes: 1024
[2021-03-24T09:08:24,501][DEBUG][logstash.runner ] queue.checkpoint.interval: 1000
[2021-03-24T09:08:24,502][DEBUG][logstash.runner ] queue.checkpoint.retry: false
[2021-03-24T09:08:24,503][DEBUG][logstash.runner ] dead_letter_queue.enable: false
[2021-03-24T09:08:24,504][DEBUG][logstash.runner ] dead_letter_queue.max_bytes: 1073741824
[2021-03-24T09:08:24,504][DEBUG][logstash.runner ] dead_letter_queue.flush_interval: 5000
[2021-03-24T09:08:24,505][DEBUG][logstash.runner ] slowlog.threshold.warn: #<Java::OrgLogstashUtil::TimeValue:0x27a93cfa>
[2021-03-24T09:08:24,506][DEBUG][logstash.runner ] slowlog.threshold.info: #<Java::OrgLogstashUtil::TimeValue:0x6771c4d8>
[2021-03-24T09:08:24,507][DEBUG][logstash.runner ] slowlog.threshold.debug: #<Java::OrgLogstashUtil::TimeValue:0x4f3bc463>
[2021-03-24T09:08:24,507][DEBUG][logstash.runner ] slowlog.threshold.trace: #<Java::OrgLogstashUtil::TimeValue:0x44ca5127>
[2021-03-24T09:08:24,508][DEBUG][logstash.runner ] keystore.classname: "org.logstash.secret.store.backend.JavaKeyStore"
[2021-03-24T09:08:24,509][DEBUG][logstash.runner ] keystore.file: "/Users/philipp/Downloads/logstash-7.11.2/config/logstash.keystore"
[2021-03-24T09:08:24,510][DEBUG][logstash.runner ] path.queue: "/Users/philipp/Downloads/logstash-7.11.2/data/queue"
[2021-03-24T09:08:24,511][DEBUG][logstash.runner ] path.dead_letter_queue: "/Users/philipp/Downloads/logstash-7.11.2/data/dead_letter_queue"
[2021-03-24T09:08:24,512][DEBUG][logstash.runner ] path.settings: "/Users/philipp/Downloads/logstash-7.11.2/config"
[2021-03-24T09:08:24,513][DEBUG][logstash.runner ] path.logs: "/Users/philipp/Downloads/logstash-7.11.2/logs"
[2021-03-24T09:08:24,513][DEBUG][logstash.runner ] xpack.management.enabled: false
[2021-03-24T09:08:24,514][DEBUG][logstash.runner ] xpack.management.logstash.poll_interval: #<Java::OrgLogstashUtil::TimeValue:0x2fb05142>
[2021-03-24T09:08:24,515][DEBUG][logstash.runner ] xpack.management.pipeline.id: ["main"]
[2021-03-24T09:08:24,515][DEBUG][logstash.runner ] xpack.management.elasticsearch.username: "logstash_system"
[2021-03-24T09:08:24,516][DEBUG][logstash.runner ] xpack.management.elasticsearch.hosts: ["https://localhost:9200"]
[2021-03-24T09:08:24,517][DEBUG][logstash.runner ] xpack.management.elasticsearch.ssl.verification_mode: "certificate"
[2021-03-24T09:08:24,517][DEBUG][logstash.runner ] xpack.management.elasticsearch.sniffing: false
[2021-03-24T09:08:24,518][DEBUG][logstash.runner ] xpack.monitoring.enabled: false
[2021-03-24T09:08:24,519][DEBUG][logstash.runner ] xpack.monitoring.elasticsearch.hosts: ["http://localhost:9200"]
[2021-03-24T09:08:24,520][DEBUG][logstash.runner ] xpack.monitoring.collection.interval: #<Java::OrgLogstashUtil::TimeValue:0x50099588>
[2021-03-24T09:08:24,521][DEBUG][logstash.runner ] xpack.monitoring.collection.timeout_interval: #<Java::OrgLogstashUtil::TimeValue:0x711534f7>
[2021-03-24T09:08:24,521][DEBUG][logstash.runner ] xpack.monitoring.elasticsearch.username: "logstash_system"
[2021-03-24T09:08:24,522][DEBUG][logstash.runner ] xpack.monitoring.elasticsearch.ssl.verification_mode: "certificate"
[2021-03-24T09:08:24,522][DEBUG][logstash.runner ] xpack.monitoring.elasticsearch.sniffing: false
[2021-03-24T09:08:24,523][DEBUG][logstash.runner ] xpack.monitoring.collection.pipeline.details.enabled: true
[2021-03-24T09:08:24,524][DEBUG][logstash.runner ] xpack.monitoring.collection.config.enabled: true
[2021-03-24T09:08:24,524][DEBUG][logstash.runner ] monitoring.enabled: false
[2021-03-24T09:08:24,525][DEBUG][logstash.runner ] monitoring.elasticsearch.hosts: ["http://localhost:9200"]
[2021-03-24T09:08:24,525][DEBUG][logstash.runner ] monitoring.collection.interval: #<Java::OrgLogstashUtil::TimeValue:0x2bbadc1>
[2021-03-24T09:08:24,526][DEBUG][logstash.runner ] monitoring.collection.timeout_interval: #<Java::OrgLogstashUtil::TimeValue:0x68bfaa16>
[2021-03-24T09:08:24,527][DEBUG][logstash.runner ] monitoring.elasticsearch.username: "logstash_system"
[2021-03-24T09:08:24,527][DEBUG][logstash.runner ] monitoring.elasticsearch.ssl.verification_mode: "certificate"
[2021-03-24T09:08:24,528][DEBUG][logstash.runner ] monitoring.elasticsearch.sniffing: false
[2021-03-24T09:08:24,528][DEBUG][logstash.runner ] monitoring.collection.pipeline.details.enabled: true
[2021-03-24T09:08:24,529][DEBUG][logstash.runner ] monitoring.collection.config.enabled: true
[2021-03-24T09:08:24,530][DEBUG][logstash.runner ] node.uuid: ""
[2021-03-24T09:08:24,530][DEBUG][logstash.runner ] --------------- Logstash Settings -------------------
[2021-03-24T09:08:24,595][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-03-24T09:08:24,626][DEBUG][logstash.agent ] Setting up metric collection
[2021-03-24T09:08:24,663][DEBUG][logstash.instrument.periodicpoller.os] Starting {:polling_interval=>5, :polling_timeout=>120}
[2021-03-24T09:08:24,671][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:24,764][DEBUG][logstash.instrument.periodicpoller.jvm] Starting {:polling_interval=>5, :polling_timeout=>120}
[2021-03-24T09:08:24,839][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:24,844][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:24,855][DEBUG][logstash.instrument.periodicpoller.persistentqueue] Starting {:polling_interval=>5, :polling_timeout=>120}
[2021-03-24T09:08:24,864][DEBUG][logstash.instrument.periodicpoller.deadletterqueue] Starting {:polling_interval=>5, :polling_timeout=>120}
[2021-03-24T09:08:24,905][DEBUG][logstash.agent ] Starting agent
[2021-03-24T09:08:24,958][DEBUG][logstash.config.source.local.configpathloader] Skipping the following files while reading config since they don't match the specified glob pattern {:files=>["/Users/philipp/Downloads/logstash-7.11.2/config/custompattern", "/Users/philipp/Downloads/logstash-7.11.2/config/jvm.options", "/Users/philipp/Downloads/logstash-7.11.2/config/log4j2.properties", "/Users/philipp/Downloads/logstash-7.11.2/config/logstash.yml", "/Users/philipp/Downloads/logstash-7.11.2/config/pipelines.yml", "/Users/philipp/Downloads/logstash-7.11.2/config/startup.options"]}
[2021-03-24T09:08:24,960][DEBUG][logstash.config.source.local.configpathloader] Reading config file {:config_file=>"/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf"}
[2021-03-24T09:08:24,994][DEBUG][logstash.agent ] Converging pipelines state {:actions_count=>1}
[2021-03-24T09:08:25,001][DEBUG][logstash.agent ] Executing action {:action=>LogStash::PipelineAction::Create/pipeline_id:main}
[2021-03-24T09:08:25,656][DEBUG][org.logstash.secret.store.SecretStoreFactory] Attempting to exists or secret store with implementation: org.logstash.secret.store.backend.JavaKeyStore
[2021-03-24T09:08:26,124][DEBUG][org.reflections.Reflections] going to scan these urls:
jar:file:/Users/philipp/Downloads/logstash-7.11.2/logstash-core/lib/jars/logstash-core.jar!/
[2021-03-24T09:08:26,181][INFO ][org.reflections.Reflections] Reflections took 54 ms to scan 1 urls, producing 23 keys and 47 values
[2021-03-24T09:08:26,191][DEBUG][org.reflections.Reflections] expanded subtype co.elastic.logstash.api.Plugin -> co.elastic.logstash.api.Codec
[2021-03-24T09:08:26,192][DEBUG][org.reflections.Reflections] expanded subtype co.elastic.logstash.api.Plugin -> co.elastic.logstash.api.Input
[2021-03-24T09:08:26,193][DEBUG][org.reflections.Reflections] expanded subtype org.jruby.RubyBasicObject -> org.jruby.RubyObject
[2021-03-24T09:08:26,193][DEBUG][org.reflections.Reflections] expanded subtype java.lang.Cloneable -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,194][DEBUG][org.reflections.Reflections] expanded subtype org.jruby.runtime.builtin.IRubyObject -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,194][DEBUG][org.reflections.Reflections] expanded subtype java.io.Serializable -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,195][DEBUG][org.reflections.Reflections] expanded subtype java.lang.Comparable -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,195][DEBUG][org.reflections.Reflections] expanded subtype org.jruby.runtime.marshal.CoreObjectType -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,196][DEBUG][org.reflections.Reflections] expanded subtype org.jruby.runtime.builtin.InstanceVariables -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,196][DEBUG][org.reflections.Reflections] expanded subtype org.jruby.runtime.builtin.InternalVariables -> org.jruby.RubyBasicObject
[2021-03-24T09:08:26,197][DEBUG][org.reflections.Reflections] expanded subtype co.elastic.logstash.api.Plugin -> co.elastic.logstash.api.Output
[2021-03-24T09:08:26,198][DEBUG][org.reflections.Reflections] expanded subtype co.elastic.logstash.api.Metric -> co.elastic.logstash.api.NamespacedMetric
[2021-03-24T09:08:26,198][DEBUG][org.reflections.Reflections] expanded subtype java.security.SecureClassLoader -> java.net.URLClassLoader
[2021-03-24T09:08:26,199][DEBUG][org.reflections.Reflections] expanded subtype java.lang.ClassLoader -> java.security.SecureClassLoader
[2021-03-24T09:08:26,202][DEBUG][org.reflections.Reflections] expanded subtype java.io.Closeable -> java.net.URLClassLoader
[2021-03-24T09:08:26,203][DEBUG][org.reflections.Reflections] expanded subtype java.lang.AutoCloseable -> java.io.Closeable
[2021-03-24T09:08:26,203][DEBUG][org.reflections.Reflections] expanded subtype java.lang.Comparable -> java.lang.Enum
[2021-03-24T09:08:26,204][DEBUG][org.reflections.Reflections] expanded subtype java.io.Serializable -> java.lang.Enum
[2021-03-24T09:08:26,205][DEBUG][org.reflections.Reflections] expanded subtype co.elastic.logstash.api.Plugin -> co.elastic.logstash.api.Filter
[2021-03-24T09:08:26,312][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"file", :type=>"input", :class=>LogStash::Inputs::File}
[2021-03-24T09:08:26,350][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"plain", :type=>"codec", :class=>LogStash::Codecs::Plain}
[2021-03-24T09:08:26,434][DEBUG][logstash.codecs.plain ] config LogStash::Codecs::Plain/@id = "plain_b5ddc4be-98d6-4e54-abc4-2a963bf606b1"
[2021-03-24T09:08:26,435][DEBUG][logstash.codecs.plain ] config LogStash::Codecs::Plain/@enable_metric = true
[2021-03-24T09:08:26,436][DEBUG][logstash.codecs.plain ] config LogStash::Codecs::Plain/@charset = "UTF-8"
[2021-03-24T09:08:26,465][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@path = ["/Users/philipp/Downloads/logstash/log/demolog.log"]
[2021-03-24T09:08:26,466][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@id = "011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b"
[2021-03-24T09:08:26,467][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@enable_metric = true
[2021-03-24T09:08:26,471][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@codec = <LogStash::Codecs::Plain id=>"plain_b5ddc4be-98d6-4e54-abc4-2a963bf606b1", enable_metric=>true, charset=>"UTF-8">
[2021-03-24T09:08:26,472][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@add_field = {}
[2021-03-24T09:08:26,473][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@stat_interval = 1.0
[2021-03-24T09:08:26,474][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@discover_interval = 15
[2021-03-24T09:08:26,475][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@sincedb_write_interval = 15.0
[2021-03-24T09:08:26,475][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@start_position = "end"
[2021-03-24T09:08:26,476][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@delimiter = "\n"
[2021-03-24T09:08:26,476][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@close_older = 3600.0
[2021-03-24T09:08:26,477][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@mode = "tail"
[2021-03-24T09:08:26,477][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@file_completed_action = "delete"
[2021-03-24T09:08:26,478][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@sincedb_clean_after = 1209600.0
[2021-03-24T09:08:26,478][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@file_chunk_size = 32768
[2021-03-24T09:08:26,479][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@file_chunk_count = 140737488355327
[2021-03-24T09:08:26,479][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@file_sort_by = "last_modified"
[2021-03-24T09:08:26,480][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@file_sort_direction = "asc"
[2021-03-24T09:08:26,480][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@exit_after_read = false
[2021-03-24T09:08:26,481][DEBUG][logstash.inputs.file ] config LogStash::Inputs::File/@check_archive_validity = false
[2021-03-24T09:08:26,518][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"grok", :type=>"filter", :class=>LogStash::Filters::Grok}
[2021-03-24T09:08:26,532][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@match = {"message"=>"%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"}
[2021-03-24T09:08:26,533][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@add_field = {"received_at"=>"%{@timestamp}"}
[2021-03-24T09:08:26,534][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@id = "c643bd5b27ad21ce338e1d2aeae905ecaec6e3fbd97b95fbdca8da8d84e5b278"
[2021-03-24T09:08:26,534][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@patterns_dir = ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
[2021-03-24T09:08:26,535][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@enable_metric = true
[2021-03-24T09:08:26,535][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@add_tag = []
[2021-03-24T09:08:26,536][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@remove_tag = []
[2021-03-24T09:08:26,536][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@remove_field = []
[2021-03-24T09:08:26,536][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@periodic_flush = false
[2021-03-24T09:08:26,537][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@pattern_definitions = {}
[2021-03-24T09:08:26,537][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@patterns_files_glob = "*"
[2021-03-24T09:08:26,538][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@break_on_match = true
[2021-03-24T09:08:26,538][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@named_captures_only = true
[2021-03-24T09:08:26,539][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@keep_empty_captures = false
[2021-03-24T09:08:26,539][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@tag_on_failure = ["_grokparsefailure"]
[2021-03-24T09:08:26,540][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@timeout_millis = 30000
[2021-03-24T09:08:26,540][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@timeout_scope = "pattern"
[2021-03-24T09:08:26,541][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@tag_on_timeout = "_groktimeout"
[2021-03-24T09:08:26,541][DEBUG][logstash.filters.grok ] config LogStash::Filters::Grok/@overwrite = []
[2021-03-24T09:08:26,554][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"date", :type=>"filter", :class=>LogStash::Filters::Date}
[2021-03-24T09:08:26,565][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@match = ["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]
[2021-03-24T09:08:26,566][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@tag_on_failure = ["english-datetime-error"]
[2021-03-24T09:08:26,567][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@id = "cc24ef91d400591a4700a8205b3e844ddb8cec1ebcd39187733023fdeef9994a"
[2021-03-24T09:08:26,568][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@enable_metric = true
[2021-03-24T09:08:26,569][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@add_tag = []
[2021-03-24T09:08:26,569][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@remove_tag = []
[2021-03-24T09:08:26,570][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@add_field = {}
[2021-03-24T09:08:26,571][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@remove_field = []
[2021-03-24T09:08:26,571][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@periodic_flush = false
[2021-03-24T09:08:26,572][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@target = "@timestamp"
[2021-03-24T09:08:26,584][DEBUG][org.logstash.filters.DateFilter] Date filter with format=dd MMM yyyy HH:mm:ss,SSS, locale=null, timezone=null built as org.logstash.filters.parser.JodaParser
[2021-03-24T09:08:26,591][DEBUG][org.logstash.filters.DateFilter] Date filter with format=MMM dd, yyyy h:mm:ss a, locale=null, timezone=null built as org.logstash.filters.parser.JodaParser
[2021-03-24T09:08:26,592][DEBUG][org.logstash.filters.DateFilter] Date filter with format=MMM dd, yyyy hh:mm:ss a, locale=null, timezone=null built as org.logstash.filters.parser.JodaParser
[2021-03-24T09:08:26,593][DEBUG][org.logstash.filters.DateFilter] Date filter with format=MMM dd, yyyy hh:mm:ss,SSS a, locale=null, timezone=null built as org.logstash.filters.parser.JodaParser
[2021-03-24T09:08:26,594][DEBUG][org.logstash.filters.DateFilter] Date filter with format=dd/MMM/yyyy:HH:mm:ss Z, locale=null, timezone=null built as org.logstash.filters.parser.JodaParser
[2021-03-24T09:08:26,601][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@match = ["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]
[2021-03-24T09:08:26,602][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@id = "dca5cfa43a615cfa6a7cda381c0e7f2eec4172490b60a985ec3ee37420ecb9ee"
[2021-03-24T09:08:26,603][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@enable_metric = true
[2021-03-24T09:08:26,603][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@add_tag = []
[2021-03-24T09:08:26,604][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@remove_tag = []
[2021-03-24T09:08:26,604][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@add_field = {}
[2021-03-24T09:08:26,605][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@remove_field = []
[2021-03-24T09:08:26,606][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@periodic_flush = false
[2021-03-24T09:08:26,606][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@target = "@timestamp"
[2021-03-24T09:08:26,607][DEBUG][logstash.filters.date ] config LogStash::Filters::Date/@tag_on_failure = ["_dateparsefailure"]
[2021-03-24T09:08:26,608][DEBUG][org.logstash.filters.DateFilter] Date filter with format=dd MMM yyyy HH:mm:ss,SSS, locale=null, timezone=null built as org.logstash.filters.parser.JodaParser
[2021-03-24T09:08:26,613][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"stdout", :type=>"output", :class=>LogStash::Outputs::Stdout}
[2021-03-24T09:08:26,625][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"json", :type=>"codec", :class=>LogStash::Codecs::JSON}
[2021-03-24T09:08:26,631][DEBUG][logstash.codecs.json ] config LogStash::Codecs::JSON/@id = "json_cc34d89b-f5d7-412c-9f31-6b4aa93cd006"
[2021-03-24T09:08:26,632][DEBUG][logstash.codecs.json ] config LogStash::Codecs::JSON/@enable_metric = true
[2021-03-24T09:08:26,633][DEBUG][logstash.codecs.json ] config LogStash::Codecs::JSON/@charset = "UTF-8"
[2021-03-24T09:08:26,638][DEBUG][logstash.outputs.stdout ] config LogStash::Outputs::Stdout/@codec = <LogStash::Codecs::JSON id=>"json_cc34d89b-f5d7-412c-9f31-6b4aa93cd006", enable_metric=>true, charset=>"UTF-8">
[2021-03-24T09:08:26,639][DEBUG][logstash.outputs.stdout ] config LogStash::Outputs::Stdout/@id = "0dcb731396e3a8aa16bcd138190d22118a1b42576e9d480ab0cf93ef4c026858"
[2021-03-24T09:08:26,640][DEBUG][logstash.outputs.stdout ] config LogStash::Outputs::Stdout/@enable_metric = true
[2021-03-24T09:08:26,641][DEBUG][logstash.outputs.stdout ] config LogStash::Outputs::Stdout/@workers = 1
[2021-03-24T09:08:26,698][DEBUG][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main"}
[2021-03-24T09:08:26,738][DEBUG][logstash.filters.grok ][main] Grok patterns path {:paths=>["/Users/philipp/Downloads/logstash-7.11.2/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patterns", "/Users/philipp/Downloads/logstash-7.11.2/patterns/*"]}
[2021-03-24T09:08:26,756][DEBUG][logstash.filters.grok ][main] Grok patterns path {:paths=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"]}
[2021-03-24T09:08:26,758][DEBUG][logstash.filters.grok ][main] Match data {:match=>{"message"=>"%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"}}
[2021-03-24T09:08:26,762][DEBUG][logstash.filters.grok ][main] regexp: /message {:pattern=>"%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"}
[2021-03-24T09:08:26,803][DEBUG][logstash.filters.grok ][main] Adding pattern {"BRO_HTTP"=>"%{NUMBER:ts}\\t%{NOTSPACE:uid}\\t%{IP:orig_h}\\t%{INT:orig_p}\\t%{IP:resp_h}\\t%{INT:resp_p}\\t%{INT:trans_depth}\\t%{GREEDYDATA:method}\\t%{GREEDYDATA:domain}\\t%{GREEDYDATA:uri}\\t%{GREEDYDATA:referrer}\\t%{GREEDYDATA:user_agent}\\t%{NUMBER:request_body_len}\\t%{NUMBER:response_body_len}\\t%{GREEDYDATA:status_code}\\t%{GREEDYDATA:status_msg}\\t%{GREEDYDATA:info_code}\\t%{GREEDYDATA:info_msg}\\t%{GREEDYDATA:filename}\\t%{GREEDYDATA:bro_tags}\\t%{GREEDYDATA:username}\\t%{GREEDYDATA:password}\\t%{GREEDYDATA:proxied}\\t%{GREEDYDATA:orig_fuids}\\t%{GREEDYDATA:orig_mime_types}\\t%{GREEDYDATA:resp_fuids}\\t%{GREEDYDATA:resp_mime_types}"}
[2021-03-24T09:08:26,804][DEBUG][logstash.filters.grok ][main] Adding pattern {"BRO_DNS"=>"%{NUMBER:ts}\\t%{NOTSPACE:uid}\\t%{IP:orig_h}\\t%{INT:orig_p}\\t%{IP:resp_h}\\t%{INT:resp_p}\\t%{WORD:proto}\\t%{INT:trans_id}\\t%{GREEDYDATA:query}\\t%{GREEDYDATA:qclass}\\t%{GREEDYDATA:qclass_name}\\t%{GREEDYDATA:qtype}\\t%{GREEDYDATA:qtype_name}\\t%{GREEDYDATA:rcode}\\t%{GREEDYDATA:rcode_name}\\t%{GREEDYDATA:AA}\\t%{GREEDYDATA:TC}\\t%{GREEDYDATA:RD}\\t%{GREEDYDATA:RA}\\t%{GREEDYDATA:Z}\\t%{GREEDYDATA:answers}\\t%{GREEDYDATA:TTLs}\\t%{GREEDYDATA:rejected}"}
[2021-03-24T09:08:26,805][DEBUG][logstash.filters.grok ][main] Adding pattern {"BRO_CONN"=>"%{NUMBER:ts}\\t%{NOTSPACE:uid}\\t%{IP:orig_h}\\t%{INT:orig_p}\\t%{IP:resp_h}\\t%{INT:resp_p}\\t%{WORD:proto}\\t%{GREEDYDATA:service}\\t%{NUMBER:duration}\\t%{NUMBER:orig_bytes}\\t%{NUMBER:resp_bytes}\\t%{GREEDYDATA:conn_state}\\t%{GREEDYDATA:local_orig}\\t%{GREEDYDATA:missed_bytes}\\t%{GREEDYDATA:history}\\t%{GREEDYDATA:orig_pkts}\\t%{GREEDYDATA:orig_ip_bytes}\\t%{GREEDYDATA:resp_pkts}\\t%{GREEDYDATA:resp_ip_bytes}\\t%{GREEDYDATA:tunnel_parents}"}
[2021-03-24T09:08:26,806][DEBUG][logstash.filters.grok ][main] Adding pattern {"BRO_FILES"=>"%{NUMBER:ts}\\t%{NOTSPACE:fuid}\\t%{IP:tx_hosts}\\t%{IP:rx_hosts}\\t%{NOTSPACE:conn_uids}\\t%{GREEDYDATA:source}\\t%{GREEDYDATA:depth}\\t%{GREEDYDATA:analyzers}\\t%{GREEDYDATA:mime_type}\\t%{GREEDYDATA:filename}\\t%{GREEDYDATA:duration}\\t%{GREEDYDATA:local_orig}\\t%{GREEDYDATA:is_orig}\\t%{GREEDYDATA:seen_bytes}\\t%{GREEDYDATA:total_bytes}\\t%{GREEDYDATA:missing_bytes}\\t%{GREEDYDATA:overflow_bytes}\\t%{GREEDYDATA:timedout}\\t%{GREEDYDATA:parent_fuid}\\t%{GREEDYDATA:md5}\\t%{GREEDYDATA:sha1}\\t%{GREEDYDATA:sha256}\\t%{GREEDYDATA:extracted}"}
[2021-03-24T09:08:26,808][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOSTIME"=>"\\[%{NUMBER:nagios_epoch}\\]"}
[2021-03-24T09:08:26,810][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_CURRENT_SERVICE_STATE"=>"CURRENT SERVICE STATE"}
[2021-03-24T09:08:26,811][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_CURRENT_HOST_STATE"=>"CURRENT HOST STATE"}
[2021-03-24T09:08:26,811][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_SERVICE_NOTIFICATION"=>"SERVICE NOTIFICATION"}
[2021-03-24T09:08:26,812][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_HOST_NOTIFICATION"=>"HOST NOTIFICATION"}
[2021-03-24T09:08:26,813][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_SERVICE_ALERT"=>"SERVICE ALERT"}
[2021-03-24T09:08:26,813][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_HOST_ALERT"=>"HOST ALERT"}
[2021-03-24T09:08:26,814][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_SERVICE_FLAPPING_ALERT"=>"SERVICE FLAPPING ALERT"}
[2021-03-24T09:08:26,814][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_HOST_FLAPPING_ALERT"=>"HOST FLAPPING ALERT"}
[2021-03-24T09:08:26,815][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT"=>"SERVICE DOWNTIME ALERT"}
[2021-03-24T09:08:26,816][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_HOST_DOWNTIME_ALERT"=>"HOST DOWNTIME ALERT"}
[2021-03-24T09:08:26,817][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_PASSIVE_SERVICE_CHECK"=>"PASSIVE SERVICE CHECK"}
[2021-03-24T09:08:26,818][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_PASSIVE_HOST_CHECK"=>"PASSIVE HOST CHECK"}
[2021-03-24T09:08:26,818][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_SERVICE_EVENT_HANDLER"=>"SERVICE EVENT HANDLER"}
[2021-03-24T09:08:26,819][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_HOST_EVENT_HANDLER"=>"HOST EVENT HANDLER"}
[2021-03-24T09:08:26,820][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_EXTERNAL_COMMAND"=>"EXTERNAL COMMAND"}
[2021-03-24T09:08:26,820][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TYPE_TIMEPERIOD_TRANSITION"=>"TIMEPERIOD TRANSITION"}
[2021-03-24T09:08:26,821][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_DISABLE_SVC_CHECK"=>"DISABLE_SVC_CHECK"}
[2021-03-24T09:08:26,822][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_ENABLE_SVC_CHECK"=>"ENABLE_SVC_CHECK"}
[2021-03-24T09:08:26,823][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_DISABLE_HOST_CHECK"=>"DISABLE_HOST_CHECK"}
[2021-03-24T09:08:26,824][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_ENABLE_HOST_CHECK"=>"ENABLE_HOST_CHECK"}
[2021-03-24T09:08:26,825][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT"=>"PROCESS_SERVICE_CHECK_RESULT"}
[2021-03-24T09:08:26,826][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_PROCESS_HOST_CHECK_RESULT"=>"PROCESS_HOST_CHECK_RESULT"}
[2021-03-24T09:08:26,827][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME"=>"SCHEDULE_SERVICE_DOWNTIME"}
[2021-03-24T09:08:26,828][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_SCHEDULE_HOST_DOWNTIME"=>"SCHEDULE_HOST_DOWNTIME"}
[2021-03-24T09:08:26,829][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS"=>"DISABLE_HOST_SVC_NOTIFICATIONS"}
[2021-03-24T09:08:26,830][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS"=>"ENABLE_HOST_SVC_NOTIFICATIONS"}
[2021-03-24T09:08:26,830][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS"=>"DISABLE_HOST_NOTIFICATIONS"}
[2021-03-24T09:08:26,831][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS"=>"ENABLE_HOST_NOTIFICATIONS"}
[2021-03-24T09:08:26,832][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS"=>"DISABLE_SVC_NOTIFICATIONS"}
[2021-03-24T09:08:26,833][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS"=>"ENABLE_SVC_NOTIFICATIONS"}
[2021-03-24T09:08:26,834][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_WARNING"=>"Warning:%{SPACE}%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,834][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_CURRENT_SERVICE_STATE"=>"%{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,835][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_CURRENT_HOST_STATE"=>"%{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,836][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_SERVICE_NOTIFICATION"=>"%{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,836][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_HOST_NOTIFICATION"=>"%{NAGIOS_TYPE_HOST_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,837][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_SERVICE_ALERT"=>"%{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,838][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_HOST_ALERT"=>"%{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,838][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_SERVICE_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_SERVICE_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,840][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_HOST_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_HOST_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}"}
[2021-03-24T09:08:26,842][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_SERVICE_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}"}
[2021-03-24T09:08:26,843][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_HOST_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_HOST_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}"}
[2021-03-24T09:08:26,843][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_PASSIVE_SERVICE_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_SERVICE_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}"}
[2021-03-24T09:08:26,844][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_PASSIVE_HOST_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}"}
[2021-03-24T09:08:26,845][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_SERVICE_EVENT_HANDLER"=>"%{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}"}
[2021-03-24T09:08:26,845][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_HOST_EVENT_HANDLER"=>"%{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}"}
[2021-03-24T09:08:26,846][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_TIMEPERIOD_TRANSITION"=>"%{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}"}
[2021-03-24T09:08:26,847][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_DISABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}"}
[2021-03-24T09:08:26,848][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}"}
[2021-03-24T09:08:26,849][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_ENABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}"}
[2021-03-24T09:08:26,850][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}"}
[2021-03-24T09:08:26,851][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}"}
[2021-03-24T09:08:26,851][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_HOST_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}"}
[2021-03-24T09:08:26,852][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}"}
[2021-03-24T09:08:26,852][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}"}
[2021-03-24T09:08:26,853][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS:nagios_command};%{DATA:nagios_hostname};%{GREEDYDATA:nagios_service}"}
[2021-03-24T09:08:26,854][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}"}
[2021-03-24T09:08:26,856][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}"}
[2021-03-24T09:08:26,857][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS:nagios_command};%{DATA:nagios_hostname};%{GREEDYDATA:nagios_service}"}
[2021-03-24T09:08:26,858][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_SCHEDULE_HOST_DOWNTIME:nagios_command};%{DATA:nagios_hostname};%{NUMBER:nagios_start_time};%{NUMBER:nagios_end_time};%{NUMBER:nagios_fixed};%{NUMBER:nagios_trigger_id};%{NUMBER:nagios_duration};%{DATA:author};%{DATA:comment}"}
[2021-03-24T09:08:26,859][DEBUG][logstash.filters.grok ][main] Adding pattern {"NAGIOSLOGLINE"=>"%{NAGIOSTIME} (?:%{NAGIOS_WARNING}|%{NAGIOS_CURRENT_SERVICE_STATE}|%{NAGIOS_CURRENT_HOST_STATE}|%{NAGIOS_SERVICE_NOTIFICATION}|%{NAGIOS_HOST_NOTIFICATION}|%{NAGIOS_SERVICE_ALERT}|%{NAGIOS_HOST_ALERT}|%{NAGIOS_SERVICE_FLAPPING_ALERT}|%{NAGIOS_HOST_FLAPPING_ALERT}|%{NAGIOS_SERVICE_DOWNTIME_ALERT}|%{NAGIOS_HOST_DOWNTIME_ALERT}|%{NAGIOS_PASSIVE_SERVICE_CHECK}|%{NAGIOS_PASSIVE_HOST_CHECK}|%{NAGIOS_SERVICE_EVENT_HANDLER}|%{NAGIOS_HOST_EVENT_HANDLER}|%{NAGIOS_TIMEPERIOD_TRANSITION}|%{NAGIOS_EC_LINE_DISABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_ENABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_DISABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_ENABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT}|%{NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT}|%{NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME}|%{NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS}|%{NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS}|%{NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS}|%{NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS}|%{NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS}|%{NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS})"}
[2021-03-24T09:08:26,860][DEBUG][logstash.filters.grok ][main] Adding pattern {"USERNAME"=>"[a-zA-Z0-9._-]+"}
[2021-03-24T09:08:26,862][DEBUG][logstash.filters.grok ][main] Adding pattern {"USER"=>"%{USERNAME}"}
[2021-03-24T09:08:26,864][DEBUG][logstash.filters.grok ][main] Adding pattern {"EMAILLOCALPART"=>"[a-zA-Z][a-zA-Z0-9_.+-=:]+"}
[2021-03-24T09:08:26,865][DEBUG][logstash.filters.grok ][main] Adding pattern {"EMAILADDRESS"=>"%{EMAILLOCALPART}@%{HOSTNAME}"}
[2021-03-24T09:08:26,865][DEBUG][logstash.filters.grok ][main] Adding pattern {"INT"=>"(?:[+-]?(?:[0-9]+))"}
[2021-03-24T09:08:26,866][DEBUG][logstash.filters.grok ][main] Adding pattern {"BASE10NUM"=>"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"}
[2021-03-24T09:08:26,867][DEBUG][logstash.filters.grok ][main] Adding pattern {"NUMBER"=>"(?:%{BASE10NUM})"}
[2021-03-24T09:08:26,868][DEBUG][logstash.filters.grok ][main] Adding pattern {"BASE16NUM"=>"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))"}
[2021-03-24T09:08:26,868][DEBUG][logstash.filters.grok ][main] Adding pattern {"BASE16FLOAT"=>"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b"}
[2021-03-24T09:08:26,869][DEBUG][logstash.filters.grok ][main] Adding pattern {"POSINT"=>"\\b(?:[1-9][0-9]*)\\b"}
[2021-03-24T09:08:26,869][DEBUG][logstash.filters.grok ][main] Adding pattern {"NONNEGINT"=>"\\b(?:[0-9]+)\\b"}
[2021-03-24T09:08:26,870][DEBUG][logstash.filters.grok ][main] Adding pattern {"WORD"=>"\\b\\w+\\b"}
[2021-03-24T09:08:26,871][DEBUG][logstash.filters.grok ][main] Adding pattern {"NOTSPACE"=>"\\S+"}
[2021-03-24T09:08:26,872][DEBUG][logstash.filters.grok ][main] Adding pattern {"SPACE"=>"\\s*"}
[2021-03-24T09:08:26,873][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATA"=>".*?"}
[2021-03-24T09:08:26,874][DEBUG][logstash.filters.grok ][main] Adding pattern {"GREEDYDATA"=>".*"}
[2021-03-24T09:08:26,875][DEBUG][logstash.filters.grok ][main] Adding pattern {"QUOTEDSTRING"=>"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"}
[2021-03-24T09:08:26,877][DEBUG][logstash.filters.grok ][main] Adding pattern {"UUID"=>"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}"}
[2021-03-24T09:08:26,878][DEBUG][logstash.filters.grok ][main] Adding pattern {"URN"=>"urn:[0-9A-Za-z][0-9A-Za-z-]{0,31}:(?:%[0-9a-fA-F]{2}|[0-9A-Za-z()+,.:=@;$_!*'/?#-])+"}
[2021-03-24T09:08:26,880][DEBUG][logstash.filters.grok ][main] Adding pattern {"MAC"=>"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})"}
[2021-03-24T09:08:26,881][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOMAC"=>"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})"}
[2021-03-24T09:08:26,881][DEBUG][logstash.filters.grok ][main] Adding pattern {"WINDOWSMAC"=>"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})"}
[2021-03-24T09:08:26,882][DEBUG][logstash.filters.grok ][main] Adding pattern {"COMMONMAC"=>"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"}
[2021-03-24T09:08:26,883][DEBUG][logstash.filters.grok ][main] Adding pattern {"IPV6"=>"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"}
[2021-03-24T09:08:26,884][DEBUG][logstash.filters.grok ][main] Adding pattern {"IPV4"=>"(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])"}
[2021-03-24T09:08:26,885][DEBUG][logstash.filters.grok ][main] Adding pattern {"IP"=>"(?:%{IPV6}|%{IPV4})"}
[2021-03-24T09:08:26,886][DEBUG][logstash.filters.grok ][main] Adding pattern {"HOSTNAME"=>"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"}
[2021-03-24T09:08:26,887][DEBUG][logstash.filters.grok ][main] Adding pattern {"IPORHOST"=>"(?:%{IP}|%{HOSTNAME})"}
[2021-03-24T09:08:26,888][DEBUG][logstash.filters.grok ][main] Adding pattern {"HOSTPORT"=>"%{IPORHOST}:%{POSINT}"}
[2021-03-24T09:08:26,888][DEBUG][logstash.filters.grok ][main] Adding pattern {"PATH"=>"(?:%{UNIXPATH}|%{WINPATH})"}
[2021-03-24T09:08:26,889][DEBUG][logstash.filters.grok ][main] Adding pattern {"UNIXPATH"=>"(/([\\w_%!$@:.,+~-]+|\\\\.)*)+"}
[2021-03-24T09:08:26,889][DEBUG][logstash.filters.grok ][main] Adding pattern {"TTY"=>"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))"}
[2021-03-24T09:08:26,890][DEBUG][logstash.filters.grok ][main] Adding pattern {"WINPATH"=>"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+"}
[2021-03-24T09:08:26,891][DEBUG][logstash.filters.grok ][main] Adding pattern {"URIPROTO"=>"[A-Za-z]([A-Za-z0-9+\\-.]+)+"}
[2021-03-24T09:08:26,892][DEBUG][logstash.filters.grok ][main] Adding pattern {"URIHOST"=>"%{IPORHOST}(?::%{POSINT:port})?"}
[2021-03-24T09:08:26,893][DEBUG][logstash.filters.grok ][main] Adding pattern {"URIPATH"=>"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\\-]*)+"}
[2021-03-24T09:08:26,895][DEBUG][logstash.filters.grok ][main] Adding pattern {"URIPARAM"=>"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"}
[2021-03-24T09:08:26,896][DEBUG][logstash.filters.grok ][main] Adding pattern {"URIPATHPARAM"=>"%{URIPATH}(?:%{URIPARAM})?"}
[2021-03-24T09:08:26,897][DEBUG][logstash.filters.grok ][main] Adding pattern {"URI"=>"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"}
[2021-03-24T09:08:26,906][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONTH"=>"\\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|ä)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\\b"}
[2021-03-24T09:08:26,907][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONTHNUM"=>"(?:0?[1-9]|1[0-2])"}
[2021-03-24T09:08:26,908][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONTHNUM2"=>"(?:0[1-9]|1[0-2])"}
[2021-03-24T09:08:26,909][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONTHDAY"=>"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"}
[2021-03-24T09:08:26,910][DEBUG][logstash.filters.grok ][main] Adding pattern {"DAY"=>"(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)"}
[2021-03-24T09:08:26,911][DEBUG][logstash.filters.grok ][main] Adding pattern {"YEAR"=>"(?>\\d\\d){1,2}"}
[2021-03-24T09:08:26,912][DEBUG][logstash.filters.grok ][main] Adding pattern {"HOUR"=>"(?:2[0123]|[01]?[0-9])"}
[2021-03-24T09:08:26,913][DEBUG][logstash.filters.grok ][main] Adding pattern {"MINUTE"=>"(?:[0-5][0-9])"}
[2021-03-24T09:08:26,914][DEBUG][logstash.filters.grok ][main] Adding pattern {"SECOND"=>"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"}
[2021-03-24T09:08:26,915][DEBUG][logstash.filters.grok ][main] Adding pattern {"TIME"=>"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"}
[2021-03-24T09:08:26,916][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATE_US"=>"%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}"}
[2021-03-24T09:08:26,916][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATE_EU"=>"%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}"}
[2021-03-24T09:08:26,918][DEBUG][logstash.filters.grok ][main] Adding pattern {"ISO8601_TIMEZONE"=>"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"}
[2021-03-24T09:08:26,919][DEBUG][logstash.filters.grok ][main] Adding pattern {"ISO8601_SECOND"=>"(?:%{SECOND}|60)"}
[2021-03-24T09:08:26,920][DEBUG][logstash.filters.grok ][main] Adding pattern {"TIMESTAMP_ISO8601"=>"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"}
[2021-03-24T09:08:26,921][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATE"=>"%{DATE_US}|%{DATE_EU}"}
[2021-03-24T09:08:26,922][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATESTAMP"=>"%{DATE}[- ]%{TIME}"}
[2021-03-24T09:08:26,922][DEBUG][logstash.filters.grok ][main] Adding pattern {"TZ"=>"(?:[APMCE][SD]T|UTC)"}
[2021-03-24T09:08:26,923][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATESTAMP_RFC822"=>"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}"}
[2021-03-24T09:08:26,924][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATESTAMP_RFC2822"=>"%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}"}
[2021-03-24T09:08:26,925][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATESTAMP_OTHER"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}"}
[2021-03-24T09:08:26,925][DEBUG][logstash.filters.grok ][main] Adding pattern {"DATESTAMP_EVENTLOG"=>"%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}"}
[2021-03-24T09:08:26,926][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGTIMESTAMP"=>"%{MONTH} +%{MONTHDAY} %{TIME}"}
[2021-03-24T09:08:26,927][DEBUG][logstash.filters.grok ][main] Adding pattern {"PROG"=>"[\\x21-\\x5a\\x5c\\x5e-\\x7e]+"}
[2021-03-24T09:08:26,927][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGPROG"=>"%{PROG:program}(?:\\[%{POSINT:pid}\\])?"}
[2021-03-24T09:08:26,928][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGHOST"=>"%{IPORHOST}"}
[2021-03-24T09:08:26,928][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGFACILITY"=>"<%{NONNEGINT:facility}.%{NONNEGINT:priority}>"}
[2021-03-24T09:08:26,929][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPDATE"=>"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}"}
[2021-03-24T09:08:26,930][DEBUG][logstash.filters.grok ][main] Adding pattern {"QS"=>"%{QUOTEDSTRING}"}
[2021-03-24T09:08:26,930][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGBASE"=>"%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:"}
[2021-03-24T09:08:26,931][DEBUG][logstash.filters.grok ][main] Adding pattern {"LOGLEVEL"=>"([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"}
[2021-03-24T09:08:26,933][DEBUG][logstash.filters.grok ][main] Adding pattern {"POSTGRESQL"=>"%{DATESTAMP:timestamp} %{TZ} %{DATA:user_id} %{GREEDYDATA:connection_id} %{POSINT:pid}"}
[2021-03-24T09:08:26,935][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_TIMESTAMP"=>"%{MONTHDAY}-%{MONTH} %{HOUR}:%{MINUTE}"}
[2021-03-24T09:08:26,935][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_HOST"=>"[a-zA-Z0-9-]+"}
[2021-03-24T09:08:26,936][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_VOLUME"=>"%{USER}"}
[2021-03-24T09:08:26,937][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_DEVICE"=>"%{USER}"}
[2021-03-24T09:08:26,937][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_DEVICEPATH"=>"%{UNIXPATH}"}
[2021-03-24T09:08:26,940][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_CAPACITY"=>"%{INT}{1,3}(,%{INT}{3})*"}
[2021-03-24T09:08:26,941][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_VERSION"=>"%{USER}"}
[2021-03-24T09:08:26,942][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_JOB"=>"%{USER}"}
[2021-03-24T09:08:26,943][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_MAX_CAPACITY"=>"User defined maximum volume capacity %{BACULA_CAPACITY} exceeded on device \\\"%{BACULA_DEVICE:device}\\\" \\(%{BACULA_DEVICEPATH}\\)"}
[2021-03-24T09:08:26,944][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_END_VOLUME"=>"End of medium on Volume \\\"%{BACULA_VOLUME:volume}\\\" Bytes=%{BACULA_CAPACITY} Blocks=%{BACULA_CAPACITY} at %{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:%{MINUTE}."}
[2021-03-24T09:08:26,944][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NEW_VOLUME"=>"Created new Volume \\\"%{BACULA_VOLUME:volume}\\\" in catalog."}
[2021-03-24T09:08:26,945][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NEW_LABEL"=>"Labeled new Volume \\\"%{BACULA_VOLUME:volume}\\\" on device \\\"%{BACULA_DEVICE:device}\\\" \\(%{BACULA_DEVICEPATH}\\)."}
[2021-03-24T09:08:26,945][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_WROTE_LABEL"=>"Wrote label to prelabeled Volume \\\"%{BACULA_VOLUME:volume}\\\" on device \\\"%{BACULA_DEVICE}\\\" \\(%{BACULA_DEVICEPATH}\\)"}
[2021-03-24T09:08:26,946][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NEW_MOUNT"=>"New volume \\\"%{BACULA_VOLUME:volume}\\\" mounted on device \\\"%{BACULA_DEVICE:device}\\\" \\(%{BACULA_DEVICEPATH}\\) at %{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:%{MINUTE}."}
[2021-03-24T09:08:26,947][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOOPEN"=>"\\s+Cannot open %{DATA}: ERR=%{GREEDYDATA:berror}"}
[2021-03-24T09:08:26,947][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOOPENDIR"=>"\\s+Could not open directory %{DATA}: ERR=%{GREEDYDATA:berror}"}
[2021-03-24T09:08:26,948][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOSTAT"=>"\\s+Could not stat %{DATA}: ERR=%{GREEDYDATA:berror}"}
[2021-03-24T09:08:26,948][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOJOBS"=>"There are no more Jobs associated with Volume \\\"%{BACULA_VOLUME:volume}\\\". Marking it purged."}
[2021-03-24T09:08:26,949][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_ALL_RECORDS_PRUNED"=>"All records pruned from Volume \\\"%{BACULA_VOLUME:volume}\\\"; marking it \\\"Purged\\\""}
[2021-03-24T09:08:26,949][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_BEGIN_PRUNE_JOBS"=>"Begin pruning Jobs older than %{INT} month %{INT} days ."}
[2021-03-24T09:08:26,951][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_BEGIN_PRUNE_FILES"=>"Begin pruning Files."}
[2021-03-24T09:08:26,952][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_PRUNED_JOBS"=>"Pruned %{INT} Jobs* for client %{BACULA_HOST:client} from catalog."}
[2021-03-24T09:08:26,953][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_PRUNED_FILES"=>"Pruned Files from %{INT} Jobs* for client %{BACULA_HOST:client} from catalog."}
[2021-03-24T09:08:26,953][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_ENDPRUNE"=>"End auto prune."}
[2021-03-24T09:08:26,954][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_STARTJOB"=>"Start Backup JobId %{INT}, Job=%{BACULA_JOB:job}"}
[2021-03-24T09:08:26,954][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_STARTRESTORE"=>"Start Restore Job %{BACULA_JOB:job}"}
[2021-03-24T09:08:26,955][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_USEDEVICE"=>"Using Device \\\"%{BACULA_DEVICE:device}\\\""}
[2021-03-24T09:08:26,956][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_DIFF_FS"=>"\\s+%{UNIXPATH} is a different filesystem. Will not descend from %{UNIXPATH} into it."}
[2021-03-24T09:08:26,958][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_JOBEND"=>"Job write elapsed time = %{DATA:elapsed}, Transfer rate = %{NUMBER} (K|M|G)? Bytes/second"}
[2021-03-24T09:08:26,959][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOPRUNE_JOBS"=>"No Jobs found to prune."}
[2021-03-24T09:08:26,960][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOPRUNE_FILES"=>"No Files found to prune."}
[2021-03-24T09:08:26,962][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_VOLUME_PREVWRITTEN"=>"Volume \\\"%{BACULA_VOLUME:volume}\\\" previously written, moving to end of data."}
[2021-03-24T09:08:26,963][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_READYAPPEND"=>"Ready to append to end of Volume \\\"%{BACULA_VOLUME:volume}\\\" size=%{INT}"}
[2021-03-24T09:08:26,964][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_CANCELLING"=>"Cancelling duplicate JobId=%{INT}."}
[2021-03-24T09:08:26,965][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_MARKCANCEL"=>"JobId %{INT}, Job %{BACULA_JOB:job} marked to be canceled."}
[2021-03-24T09:08:26,966][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_CLIENT_RBJ"=>"shell command: run ClientRunBeforeJob \\\"%{GREEDYDATA:runjob}\\\""}
[2021-03-24T09:08:26,968][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_VSS"=>"(Generate )?VSS (Writer)?"}
[2021-03-24T09:08:26,969][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_MAXSTART"=>"Fatal error: Job canceled because max start delay time exceeded."}
[2021-03-24T09:08:26,970][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_DUPLICATE"=>"Fatal error: JobId %{INT:duplicate} already running. Duplicate job not allowed."}
[2021-03-24T09:08:26,971][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOJOBSTAT"=>"Fatal error: No Job status returned from FD."}
[2021-03-24T09:08:26,972][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_FATAL_CONN"=>"Fatal error: bsock.c:133 Unable to connect to (Client: %{BACULA_HOST:client}|Storage daemon) on %{HOSTNAME}:%{POSINT}. ERR=(?<berror>%{GREEDYDATA})"}
[2021-03-24T09:08:26,973][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NO_CONNECT"=>"Warning: bsock.c:127 Could not connect to (Client: %{BACULA_HOST:client}|Storage daemon) on %{HOSTNAME}:%{POSINT}. ERR=(?<berror>%{GREEDYDATA})"}
[2021-03-24T09:08:26,974][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NO_AUTH"=>"Fatal error: Unable to authenticate with File daemon at %{HOSTNAME}. Possible causes:"}
[2021-03-24T09:08:26,975][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOSUIT"=>"No prior or suitable Full backup found in catalog. Doing FULL backup."}
[2021-03-24T09:08:26,977][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_NOPRIOR"=>"No prior Full backup Job record found."}
[2021-03-24T09:08:26,978][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOG_JOB"=>"(Error: )?Bacula %{BACULA_HOST} %{BACULA_VERSION} \\(%{BACULA_VERSION}\\):"}
[2021-03-24T09:08:26,980][DEBUG][logstash.filters.grok ][main] Adding pattern {"BACULA_LOGLINE"=>"%{BACULA_TIMESTAMP:bts} %{BACULA_HOST:hostname} JobId %{INT:jobid}: (%{BACULA_LOG_MAX_CAPACITY}|%{BACULA_LOG_END_VOLUME}|%{BACULA_LOG_NEW_VOLUME}|%{BACULA_LOG_NEW_LABEL}|%{BACULA_LOG_WROTE_LABEL}|%{BACULA_LOG_NEW_MOUNT}|%{BACULA_LOG_NOOPEN}|%{BACULA_LOG_NOOPENDIR}|%{BACULA_LOG_NOSTAT}|%{BACULA_LOG_NOJOBS}|%{BACULA_LOG_ALL_RECORDS_PRUNED}|%{BACULA_LOG_BEGIN_PRUNE_JOBS}|%{BACULA_LOG_BEGIN_PRUNE_FILES}|%{BACULA_LOG_PRUNED_JOBS}|%{BACULA_LOG_PRUNED_FILES}|%{BACULA_LOG_ENDPRUNE}|%{BACULA_LOG_STARTJOB}|%{BACULA_LOG_STARTRESTORE}|%{BACULA_LOG_USEDEVICE}|%{BACULA_LOG_DIFF_FS}|%{BACULA_LOG_JOBEND}|%{BACULA_LOG_NOPRUNE_JOBS}|%{BACULA_LOG_NOPRUNE_FILES}|%{BACULA_LOG_VOLUME_PREVWRITTEN}|%{BACULA_LOG_READYAPPEND}|%{BACULA_LOG_CANCELLING}|%{BACULA_LOG_MARKCANCEL}|%{BACULA_LOG_CLIENT_RBJ}|%{BACULA_LOG_VSS}|%{BACULA_LOG_MAXSTART}|%{BACULA_LOG_DUPLICATE}|%{BACULA_LOG_NOJOBSTAT}|%{BACULA_LOG_FATAL_CONN}|%{BACULA_LOG_NO_CONNECT}|%{BACULA_LOG_NO_AUTH}|%{BACULA_LOG_NOSUIT}|%{BACULA_LOG_JOB}|%{BACULA_LOG_NOPRIOR})"}
[2021-03-24T09:08:26,982][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_MSGID"=>"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"}
[2021-03-24T09:08:26,983][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_FLAGS"=>"(<=|[-=>*]>|[*]{2}|==)"}
[2021-03-24T09:08:26,984][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_DATE"=>"%{YEAR:exim_year}-%{MONTHNUM:exim_month}-%{MONTHDAY:exim_day} %{TIME:exim_time}"}
[2021-03-24T09:08:26,985][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_PID"=>"\\[%{POSINT}\\]"}
[2021-03-24T09:08:26,986][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_QT"=>"((\\d+y)?(\\d+w)?(\\d+d)?(\\d+h)?(\\d+m)?(\\d+s)?)"}
[2021-03-24T09:08:26,987][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_EXCLUDE_TERMS"=>"(Message is frozen|(Start|End) queue run| Warning: | retry time not reached | no (IP address|host name) found for (IP address|host) | unexpected disconnection while reading SMTP command | no immediate delivery: |another process is handling this message)"}
[2021-03-24T09:08:26,987][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_REMOTE_HOST"=>"(H=(%{NOTSPACE:remote_hostname} )?(\\(%{NOTSPACE:remote_heloname}\\) )?\\[%{IP:remote_host}\\])"}
[2021-03-24T09:08:26,988][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_INTERFACE"=>"(I=\\[%{IP:exim_interface}\\](:%{NUMBER:exim_interface_port}))"}
[2021-03-24T09:08:26,988][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_PROTOCOL"=>"(P=%{NOTSPACE:protocol})"}
[2021-03-24T09:08:26,989][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_MSG_SIZE"=>"(S=%{NUMBER:exim_msg_size})"}
[2021-03-24T09:08:26,990][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_HEADER_ID"=>"(id=%{NOTSPACE:exim_header_id})"}
[2021-03-24T09:08:26,991][DEBUG][logstash.filters.grok ][main] Adding pattern {"EXIM_SUBJECT"=>"(T=%{QS:exim_subject})"}
[2021-03-24T09:08:26,993][DEBUG][logstash.filters.grok ][main] Adding pattern {"REDISTIMESTAMP"=>"%{MONTHDAY} %{MONTH} %{TIME}"}
[2021-03-24T09:08:26,994][DEBUG][logstash.filters.grok ][main] Adding pattern {"REDISLOG"=>"\\[%{POSINT:pid}\\] %{REDISTIMESTAMP:timestamp} \\* "}
[2021-03-24T09:08:26,994][DEBUG][logstash.filters.grok ][main] Adding pattern {"REDISMONLOG"=>"%{NUMBER:timestamp} \\[%{INT:database} %{IP:client}:%{NUMBER:port}\\] \"%{WORD:command}\"\\s?%{GREEDYDATA:params}"}
[2021-03-24T09:08:26,995][DEBUG][logstash.filters.grok ][main] Adding pattern {"SQUID3"=>"%{NUMBER:timestamp}\\s+%{NUMBER:duration}\\s%{IP:client_address}\\s%{WORD:cache_result}/%{POSINT:status_code}\\s%{NUMBER:bytes}\\s%{WORD:request_method}\\s%{NOTSPACE:url}\\s(%{NOTSPACE:user}|-)\\s%{WORD:hierarchy_code}/%{IPORHOST:server}\\s%{NOTSPACE:content_type}"}
[2021-03-24T09:08:26,997][DEBUG][logstash.filters.grok ][main] Adding pattern {"MAVEN_VERSION"=>"(?:(\\d+)\\.)?(?:(\\d+)\\.)?(\\*|\\d+)(?:[.-](RELEASE|SNAPSHOT))?"}
[2021-03-24T09:08:26,998][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVACLASS"=>"(?:[a-zA-Z$_][a-zA-Z$_0-9]*\\.)*[a-zA-Z$_][a-zA-Z$_0-9]*"}
[2021-03-24T09:08:26,999][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVAFILE"=>"(?:[A-Za-z0-9_. -]+)"}
[2021-03-24T09:08:27,000][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVAMETHOD"=>"(?:(<(?:cl)?init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)"}
[2021-03-24T09:08:27,001][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVASTACKTRACEPART"=>"%{SPACE}at %{JAVACLASS:class}\\.%{JAVAMETHOD:method}\\(%{JAVAFILE:file}(?::%{NUMBER:line})?\\)"}
[2021-03-24T09:08:27,002][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVATHREAD"=>"(?:[A-Z]{2}-Processor[\\d]+)"}
[2021-03-24T09:08:27,003][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVACLASS"=>"(?:[a-zA-Z0-9-]+\\.)+[A-Za-z0-9$]+"}
[2021-03-24T09:08:27,004][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVAFILE"=>"(?:[A-Za-z0-9_.-]+)"}
[2021-03-24T09:08:27,004][DEBUG][logstash.filters.grok ][main] Adding pattern {"JAVALOGMESSAGE"=>"(.*)"}
[2021-03-24T09:08:27,005][DEBUG][logstash.filters.grok ][main] Adding pattern {"CATALINA_DATESTAMP"=>"%{MONTH} %{MONTHDAY}, 20%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) (?:AM|PM)"}
[2021-03-24T09:08:27,006][DEBUG][logstash.filters.grok ][main] Adding pattern {"TOMCAT_DATESTAMP"=>"20%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{ISO8601_TIMEZONE}"}
[2021-03-24T09:08:27,007][DEBUG][logstash.filters.grok ][main] Adding pattern {"CATALINALOG"=>"%{CATALINA_DATESTAMP:timestamp} %{JAVACLASS:class} %{JAVALOGMESSAGE:logmessage}"}
[2021-03-24T09:08:27,008][DEBUG][logstash.filters.grok ][main] Adding pattern {"TOMCATLOG"=>"%{TOMCAT_DATESTAMP:timestamp} \\| %{LOGLEVEL:level} \\| %{JAVACLASS:class} - %{JAVALOGMESSAGE:logmessage}"}
[2021-03-24T09:08:27,009][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO_LOG"=>"%{SYSLOGTIMESTAMP:timestamp} \\[%{WORD:component}\\] %{GREEDYDATA:message}"}
[2021-03-24T09:08:27,010][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO_QUERY"=>"\\{ (?<={ ).*(?= } ntoreturn:) \\}"}
[2021-03-24T09:08:27,011][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO_SLOWQUERY"=>"%{WORD} %{MONGO_WORDDASH:database}\\.%{MONGO_WORDDASH:collection} %{WORD}: %{MONGO_QUERY:query} %{WORD}:%{NONNEGINT:ntoreturn} %{WORD}:%{NONNEGINT:ntoskip} %{WORD}:%{NONNEGINT:nscanned}.*nreturned:%{NONNEGINT:nreturned}..+ (?<duration>[0-9]+)ms"}
[2021-03-24T09:08:27,012][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO_WORDDASH"=>"\\b[\\w-]+\\b"}
[2021-03-24T09:08:27,013][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO3_SEVERITY"=>"\\w"}
[2021-03-24T09:08:27,015][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO3_COMPONENT"=>"%{WORD}|-"}
[2021-03-24T09:08:27,015][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONGO3_LOG"=>"%{TIMESTAMP_ISO8601:timestamp} %{MONGO3_SEVERITY:severity} %{MONGO3_COMPONENT:component}%{SPACE}(?:\\[%{DATA:context}\\])? %{GREEDYDATA:message}"}
[2021-03-24T09:08:27,017][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPDUSER"=>"%{EMAILADDRESS}|%{USER}"}
[2021-03-24T09:08:27,018][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPDERROR_DATE"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"}
[2021-03-24T09:08:27,019][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPD_COMMONLOG"=>"%{IPORHOST:clientip} %{HTTPDUSER:ident} %{HTTPDUSER:auth} \\[%{HTTPDATE:timestamp}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)"}
[2021-03-24T09:08:27,020][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPD_COMBINEDLOG"=>"%{HTTPD_COMMONLOG} %{QS:referrer} %{QS:agent}"}
[2021-03-24T09:08:27,020][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPD20_ERRORLOG"=>"\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:message}"}
[2021-03-24T09:08:27,021][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPD24_ERRORLOG"=>"\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}(:tid %{NUMBER:tid})?\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_message}:)?( \\[client %{IPORHOST:clientip}:%{POSINT:clientport}\\])?( %{DATA:errorcode}:)? %{GREEDYDATA:message}"}
[2021-03-24T09:08:27,021][DEBUG][logstash.filters.grok ][main] Adding pattern {"HTTPD_ERRORLOG"=>"%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}"}
[2021-03-24T09:08:27,022][DEBUG][logstash.filters.grok ][main] Adding pattern {"COMMONAPACHELOG"=>"%{HTTPD_COMMONLOG}"}
[2021-03-24T09:08:27,023][DEBUG][logstash.filters.grok ][main] Adding pattern {"COMBINEDAPACHELOG"=>"%{HTTPD_COMBINEDLOG}"}
[2021-03-24T09:08:27,024][DEBUG][logstash.filters.grok ][main] Adding pattern {"S3_REQUEST_LINE"=>"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})"}
[2021-03-24T09:08:27,025][DEBUG][logstash.filters.grok ][main] Adding pattern {"S3_ACCESS_LOG"=>"%{WORD:owner} %{NOTSPACE:bucket} \\[%{HTTPDATE:timestamp}\\] %{IP:clientip} %{NOTSPACE:requester} %{NOTSPACE:request_id} %{NOTSPACE:operation} %{NOTSPACE:key} (?:\"%{S3_REQUEST_LINE}\"|-) (?:%{INT:response:int}|-) (?:-|%{NOTSPACE:error_code}) (?:%{INT:bytes:int}|-) (?:%{INT:object_size:int}|-) (?:%{INT:request_time_ms:int}|-) (?:%{INT:turnaround_time_ms:int}|-) (?:%{QS:referrer}|-) (?:\"?%{QS:agent}\"?|-) (?:-|%{NOTSPACE:version_id})"}
[2021-03-24T09:08:27,026][DEBUG][logstash.filters.grok ][main] Adding pattern {"ELB_URIPATHPARAM"=>"%{URIPATH:path}(?:%{URIPARAM:params})?"}
[2021-03-24T09:08:27,027][DEBUG][logstash.filters.grok ][main] Adding pattern {"ELB_URI"=>"%{URIPROTO:proto}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST:urihost})?(?:%{ELB_URIPATHPARAM})?"}
[2021-03-24T09:08:27,028][DEBUG][logstash.filters.grok ][main] Adding pattern {"ELB_REQUEST_LINE"=>"(?:%{WORD:verb} %{ELB_URI:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})"}
[2021-03-24T09:08:27,029][DEBUG][logstash.filters.grok ][main] Adding pattern {"ELB_ACCESS_LOG"=>"%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:int} (?:(%{IP:backendip}:?:%{INT:backendport:int})|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} %{INT:response:int} %{INT:backend_response:int} %{INT:received_bytes:int} %{INT:bytes:int} \"%{ELB_REQUEST_LINE}\""}
[2021-03-24T09:08:27,030][DEBUG][logstash.filters.grok ][main] Adding pattern {"CLOUDFRONT_ACCESS_LOG"=>"(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\\t%{TIME})\\t%{WORD:x_edge_location}\\t(?:%{NUMBER:sc_bytes:int}|-)\\t%{IPORHOST:clientip}\\t%{WORD:cs_method}\\t%{HOSTNAME:cs_host}\\t%{NOTSPACE:cs_uri_stem}\\t%{NUMBER:sc_status:int}\\t%{GREEDYDATA:referrer}\\t%{GREEDYDATA:agent}\\t%{GREEDYDATA:cs_uri_query}\\t%{GREEDYDATA:cookies}\\t%{WORD:x_edge_result_type}\\t%{NOTSPACE:x_edge_request_id}\\t%{HOSTNAME:x_host_header}\\t%{URIPROTO:cs_protocol}\\t%{INT:cs_bytes:int}\\t%{GREEDYDATA:time_taken:float}\\t%{GREEDYDATA:x_forwarded_for}\\t%{GREEDYDATA:ssl_protocol}\\t%{GREEDYDATA:ssl_cipher}\\t%{GREEDYDATA:x_edge_response_result_type}"}
[2021-03-24T09:08:27,031][DEBUG][logstash.filters.grok ][main] Adding pattern {"MCOLLECTIVE"=>"., \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\]%{SPACE}%{LOGLEVEL:event_level}"}
[2021-03-24T09:08:27,033][DEBUG][logstash.filters.grok ][main] Adding pattern {"MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:"}
[2021-03-24T09:08:27,034][DEBUG][logstash.filters.grok ][main] Adding pattern {"NETSCREENSESSIONLOG"=>"%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}"}
[2021-03-24T09:08:27,035][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCO_TAGGED_SYSLOG"=>"^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})? ?: %%{CISCOTAG:ciscotag}:"}
[2021-03-24T09:08:27,036][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOTIMESTAMP"=>"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}"}
[2021-03-24T09:08:27,036][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOTAG"=>"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)"}
[2021-03-24T09:08:27,037][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCO_ACTION"=>"Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted"}
[2021-03-24T09:08:27,038][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCO_REASON"=>"Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\\s*)*"}
[2021-03-24T09:08:27,038][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCO_DIRECTION"=>"Inbound|inbound|Outbound|outbound"}
[2021-03-24T09:08:27,039][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCO_INTERVAL"=>"first hit|%{INT}-second interval"}
[2021-03-24T09:08:27,040][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCO_XLATE_TYPE"=>"static|dynamic"}
[2021-03-24T09:08:27,040][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW104001"=>"\\((?:Primary|Secondary)\\) Switching to ACTIVE - %{GREEDYDATA:switch_reason}"}
[2021-03-24T09:08:27,041][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW104002"=>"\\((?:Primary|Secondary)\\) Switching to STANDBY - %{GREEDYDATA:switch_reason}"}
[2021-03-24T09:08:27,042][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW104003"=>"\\((?:Primary|Secondary)\\) Switching to FAILED\\."}
[2021-03-24T09:08:27,043][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW104004"=>"\\((?:Primary|Secondary)\\) Switching to OK\\."}
[2021-03-24T09:08:27,043][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW105003"=>"\\((?:Primary|Secondary)\\) Monitoring on [Ii]nterface %{GREEDYDATA:interface_name} waiting"}
[2021-03-24T09:08:27,044][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW105004"=>"\\((?:Primary|Secondary)\\) Monitoring on [Ii]nterface %{GREEDYDATA:interface_name} normal"}
[2021-03-24T09:08:27,045][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW105005"=>"\\((?:Primary|Secondary)\\) Lost Failover communications with mate on [Ii]nterface %{GREEDYDATA:interface_name}"}
[2021-03-24T09:08:27,046][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW105008"=>"\\((?:Primary|Secondary)\\) Testing [Ii]nterface %{GREEDYDATA:interface_name}"}
[2021-03-24T09:08:27,047][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW105009"=>"\\((?:Primary|Secondary)\\) Testing on [Ii]nterface %{GREEDYDATA:interface_name} (?:Passed|Failed)"}
[2021-03-24T09:08:27,047][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106001"=>"%{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}"}
[2021-03-24T09:08:27,048][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106006_106007_106010"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\\(%{DATA:src_fwuser}\\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\\(%{DATA:dst_fwuser}\\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})"}
[2021-03-24T09:08:27,049][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106014"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\\(%{DATA:dst_fwuser}\\))? \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\)"}
[2021-03-24T09:08:27,050][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106015"=>"%{CISCO_ACTION:action} %{WORD:protocol} \\(%{DATA:policy_id}\\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags} on interface %{GREEDYDATA:interface}"}
[2021-03-24T09:08:27,051][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106021"=>"%{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}"}
[2021-03-24T09:08:27,052][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106023"=>"%{CISCO_ACTION:action}( protocol)? %{WORD:protocol} src %{DATA:src_interface}:%{DATA:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{DATA:dst_ip}(/%{INT:dst_port})?(\\(%{DATA:dst_fwuser}\\))?( \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\))? by access-group \"?%{DATA:policy_id}\"? \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]"}
[2021-03-24T09:08:27,054][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106100_2_3"=>"access-list %{NOTSPACE:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} for user '%{DATA:src_fwuser}' %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\) -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\) hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]"}
[2021-03-24T09:08:27,055][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW106100"=>"access-list %{NOTSPACE:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\)(\\(%{DATA:src_fwuser}\\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\)(\\(%{DATA:src_fwuser}\\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]"}
[2021-03-24T09:08:27,056][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW304001"=>"%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? Accessed URL %{IP:dst_ip}:%{GREEDYDATA:dst_url}"}
[2021-03-24T09:08:27,057][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW110002"=>"%{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}"}
[2021-03-24T09:08:27,058][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW302010"=>"%{INT:connection_count} in use, %{INT:connection_count_max} most used"}
[2021-03-24T09:08:27,058][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW302013_302014_302015_302016"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \\(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\\))?(\\(%{DATA:src_fwuser}\\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \\(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\\))?(\\(%{DATA:dst_fwuser}\\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \\(%{DATA:user}\\))?"}
[2021-03-24T09:08:27,059][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW302020_302021"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\\(%{DATA:fwuser}\\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \\(%{DATA:user}\\))?"}
[2021-03-24T09:08:27,060][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW305011"=>"%{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}"}
[2021-03-24T09:08:27,061][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW313001_313004_313008"=>"%{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?"}
[2021-03-24T09:08:27,062][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW313005"=>"%{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\\(%{DATA:err_src_fwuser}\\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\\(%{DATA:err_dst_fwuser}\\))? \\(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\\) on %{DATA:interface} interface\\. Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\\(%{DATA:orig_src_fwuser}\\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\\(%{DATA:orig_dst_fwuser}\\))?"}
[2021-03-24T09:08:27,063][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW321001"=>"Resource '%{WORD:resource_name}' limit of %{POSINT:resource_limit} reached for system"}
[2021-03-24T09:08:27,064][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW402117"=>"%{WORD:protocol}: Received a non-IPSec packet \\(protocol= %{WORD:orig_protocol}\\) from %{IP:src_ip} to %{IP:dst_ip}"}
[2021-03-24T09:08:27,065][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW402119"=>"%{WORD:protocol}: Received an %{WORD:orig_protocol} packet \\(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\\) from %{IP:src_ip} \\(user= %{DATA:user}\\) to %{IP:dst_ip} that failed anti-replay checking"}
[2021-03-24T09:08:27,066][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW419001"=>"%{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}"}
[2021-03-24T09:08:27,067][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW419002"=>"%{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number"}
[2021-03-24T09:08:27,068][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW500004"=>"%{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}"}
[2021-03-24T09:08:27,069][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW602303_602304"=>"%{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \\(SPI= %{DATA:spi}\\) between %{IP:src_ip} and %{IP:dst_ip} \\(user= %{DATA:user}\\) has been %{CISCO_ACTION:action}"}
[2021-03-24T09:08:27,070][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW710001_710002_710003_710005_710006"=>"%{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}"}
[2021-03-24T09:08:27,072][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW713172"=>"Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\\s+Remote end\\s*%{DATA:is_remote_natted}\\s*behind a NAT device\\s+This\\s+end\\s*%{DATA:is_local_natted}\\s*behind a NAT device"}
[2021-03-24T09:08:27,073][DEBUG][logstash.filters.grok ][main] Adding pattern {"CISCOFW733100"=>"\\[\\s*%{DATA:drop_type}\\s*\\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}"}
[2021-03-24T09:08:27,074][DEBUG][logstash.filters.grok ][main] Adding pattern {"SHOREWALL"=>"(%{SYSLOGTIMESTAMP:timestamp}) (%{WORD:nf_host}) kernel:.*Shorewall:(%{WORD:nf_action1})?:(%{WORD:nf_action2})?.*IN=(%{USERNAME:nf_in_interface})?.*(OUT= *MAC=(%{COMMONMAC:nf_dst_mac}):(%{COMMONMAC:nf_src_mac})?|OUT=%{USERNAME:nf_out_interface}).*SRC=(%{IPV4:nf_src_ip}).*DST=(%{IPV4:nf_dst_ip}).*LEN=(%{WORD:nf_len}).?*TOS=(%{WORD:nf_tos}).?*PREC=(%{WORD:nf_prec}).?*TTL=(%{INT:nf_ttl}).?*ID=(%{INT:nf_id}).?*PROTO=(%{WORD:nf_protocol}).?*SPT=(%{INT:nf_src_port}?.*DPT=%{INT:nf_dst_port}?.*)"}
[2021-03-24T09:08:27,075][DEBUG][logstash.filters.grok ][main] Adding pattern {"SFW2"=>"((%{SYSLOGTIMESTAMP})|(%{TIMESTAMP_ISO8601}))\\s*%{HOSTNAME}\\s*kernel\\S+\\s*%{NAGIOSTIME}\\s*SFW2\\-INext\\-%{NOTSPACE:nf_action}\\s*IN=%{USERNAME:nf_in_interface}.*OUT=((\\s*%{USERNAME:nf_out_interface})|(\\s*))MAC=((%{COMMONMAC:nf_dst_mac}:%{COMMONMAC:nf_src_mac})|(\\s*)).*SRC=%{IP:nf_src_ip}\\s*DST=%{IP:nf_dst_ip}.*PROTO=%{WORD:nf_protocol}((.*SPT=%{INT:nf_src_port}.*DPT=%{INT:nf_dst_port}.*)|())"}
[2021-03-24T09:08:27,076][DEBUG][logstash.filters.grok ][main] Adding pattern {"RT_FLOW_EVENT"=>"(RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_CLOSE|RT_FLOW_SESSION_DENY)"}
[2021-03-24T09:08:27,076][DEBUG][logstash.filters.grok ][main] Adding pattern {"RT_FLOW1"=>"%{RT_FLOW_EVENT:event}: %{GREEDYDATA:close-reason}: %{IP:src-ip}/%{INT:src-port}->%{IP:dst-ip}/%{INT:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{INT:nat-src-port}->%{IP:nat-dst-ip}/%{INT:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} \\d+\\(%{DATA:sent}\\) \\d+\\(%{DATA:received}\\) %{INT:elapsed-time} .*"}
[2021-03-24T09:08:27,077][DEBUG][logstash.filters.grok ][main] Adding pattern {"RT_FLOW2"=>"%{RT_FLOW_EVENT:event}: session created %{IP:src-ip}/%{INT:src-port}->%{IP:dst-ip}/%{INT:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{INT:nat-src-port}->%{IP:nat-dst-ip}/%{INT:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} .*"}
[2021-03-24T09:08:27,078][DEBUG][logstash.filters.grok ][main] Adding pattern {"RT_FLOW3"=>"%{RT_FLOW_EVENT:event}: session denied %{IP:src-ip}/%{INT:src-port}->%{IP:dst-ip}/%{INT:dst-port} %{DATA:service} %{INT:protocol-id}\\(\\d\\) %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} .*"}
[2021-03-24T09:08:27,079][DEBUG][logstash.filters.grok ][main] Adding pattern {"BIND9_TIMESTAMP"=>"%{MONTHDAY}[-]%{MONTH}[-]%{YEAR} %{TIME}"}
[2021-03-24T09:08:27,079][DEBUG][logstash.filters.grok ][main] Adding pattern {"BIND9"=>"%{BIND9_TIMESTAMP:timestamp} queries: %{LOGLEVEL:loglevel}: client %{IP:clientip}#%{POSINT:clientport} \\(%{GREEDYDATA:query}\\): query: %{GREEDYDATA:query} IN %{GREEDYDATA:querytype} \\(%{IP:dns}\\)"}
[2021-03-24T09:08:27,080][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOG5424PRINTASCII"=>"[!-~]+"}
[2021-03-24T09:08:27,081][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGBASE2"=>"(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource}+(?: %{SYSLOGPROG}:|)"}
[2021-03-24T09:08:27,082][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGPAMSESSION"=>"%{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\\(%{DATA:pam_caller}\\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?"}
[2021-03-24T09:08:27,084][DEBUG][logstash.filters.grok ][main] Adding pattern {"CRON_ACTION"=>"[A-Z ]+"}
[2021-03-24T09:08:27,084][DEBUG][logstash.filters.grok ][main] Adding pattern {"CRONLOG"=>"%{SYSLOGBASE} \\(%{USER:user}\\) %{CRON_ACTION:action} \\(%{DATA:message}\\)"}
[2021-03-24T09:08:27,085][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOGLINE"=>"%{SYSLOGBASE2} %{GREEDYDATA:message}"}
[2021-03-24T09:08:27,086][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOG5424PRI"=>"<%{NONNEGINT:syslog5424_pri}>"}
[2021-03-24T09:08:27,087][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOG5424SD"=>"\\[%{DATA}\\]+"}
[2021-03-24T09:08:27,090][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOG5424BASE"=>"%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)"}
[2021-03-24T09:08:27,112][DEBUG][logstash.filters.grok ][main] Adding pattern {"SYSLOG5424LINE"=>"%{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}"}
[2021-03-24T09:08:27,114][DEBUG][logstash.filters.grok ][main] Adding pattern {"MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:"}
[2021-03-24T09:08:27,115][DEBUG][logstash.filters.grok ][main] Adding pattern {"RUBY_LOGLEVEL"=>"(?:DEBUG|FATAL|ERROR|WARN|INFO)"}
[2021-03-24T09:08:27,116][DEBUG][logstash.filters.grok ][main] Adding pattern {"RUBY_LOGGER"=>"[DFEWI], \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}"}
[2021-03-24T09:08:27,117][DEBUG][logstash.filters.grok ][main] Adding pattern {"RUUID"=>"\\h{32}"}
[2021-03-24T09:08:27,118][DEBUG][logstash.filters.grok ][main] Adding pattern {"RCONTROLLER"=>"(?<controller>[^#]+)#(?<action>\\w+)"}
[2021-03-24T09:08:27,119][DEBUG][logstash.filters.grok ][main] Adding pattern {"RAILS3HEAD"=>"(?m)Started %{WORD:verb} \"%{URIPATHPARAM:request}\" for %{IPORHOST:clientip} at (?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE})"}
[2021-03-24T09:08:27,119][DEBUG][logstash.filters.grok ][main] Adding pattern {"RPROCESSING"=>"\\W*Processing by %{RCONTROLLER} as (?<format>\\S+)(?:\\W*Parameters: {%{DATA:params}}\\W*)?"}
[2021-03-24T09:08:27,120][DEBUG][logstash.filters.grok ][main] Adding pattern {"RAILS3FOOT"=>"Completed %{NUMBER:response}%{DATA} in %{NUMBER:totalms}ms %{RAILS3PROFILE}%{GREEDYDATA}"}
[2021-03-24T09:08:27,121][DEBUG][logstash.filters.grok ][main] Adding pattern {"RAILS3PROFILE"=>"(?:\\(Views: %{NUMBER:viewms}ms \\| ActiveRecord: %{NUMBER:activerecordms}ms|\\(ActiveRecord: %{NUMBER:activerecordms}ms)?"}
[2021-03-24T09:08:27,121][DEBUG][logstash.filters.grok ][main] Adding pattern {"RAILS3"=>"%{RAILS3HEAD}(?:%{RPROCESSING})?(?<context>(?:%{DATA}\\n)*)(?:%{RAILS3FOOT})?"}
[2021-03-24T09:08:27,123][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYTIME"=>"(?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])"}
[2021-03-24T09:08:27,124][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYDATE"=>"%{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}"}
[2021-03-24T09:08:27,124][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYCAPTUREDREQUESTHEADERS"=>"%{DATA:captured_request_headers}"}
[2021-03-24T09:08:27,125][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYCAPTUREDRESPONSEHEADERS"=>"%{DATA:captured_response_headers}"}
[2021-03-24T09:08:27,126][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYHTTPBASE"=>"%{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\\{%{HAPROXYCAPTUREDREQUESTHEADERS}\\})?( )?(\\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\\})?( )?\"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?\""}
[2021-03-24T09:08:27,126][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYHTTP"=>"(?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{HAPROXYHTTPBASE}"}
[2021-03-24T09:08:27,127][DEBUG][logstash.filters.grok ][main] Adding pattern {"HAPROXYTCP"=>"(?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue}"}
[2021-03-24T09:08:27,128][DEBUG][logstash.filters.grok ][main] Adding pattern {"LOGEVELWITHSPACE"=>"%{LOGLEVEL}%{SPACE}"}
[2021-03-24T09:08:27,130][DEBUG][logstash.filters.grok ][main] Adding pattern {"MONTH"=>"\\b(?:J(?:a|ä)?n(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b"}
[2021-03-24T09:08:27,130][DEBUG][logstash.filters.grok ][main] Adding pattern {"CATALINALOG"=>"%{MONTHDAY}-%{MONTH}-%{YEAR} %{TIME}"}
[2021-03-24T09:08:27,131][DEBUG][logstash.filters.grok ][main] Adding pattern {"DB2LOG"=>"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}-%{HOUR}.%{MINUTE}.%{SECOND}"}
[2021-03-24T09:08:27,132][DEBUG][logstash.filters.grok ][main] Adding pattern {"INFORLOG"=>"%{MONTH}/%{MONTHDAY}/%{YEAR} %{TIME}"}
[2021-03-24T09:08:27,132][DEBUG][logstash.filters.grok ][main] Adding pattern {"INVARISLOG"=>"%{YEAR}.%{MONTHNUM}.%{MONTHDAY} %{TIME}"}
[2021-03-24T09:08:27,133][DEBUG][logstash.filters.grok ][main] Adding pattern {"JBOSSSERVERLOG"=>"%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}"}
[2021-03-24T09:08:27,133][DEBUG][logstash.filters.grok ][main] Adding pattern {"MCAFEEERRLOG"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"}
[2021-03-24T09:08:27,134][DEBUG][logstash.filters.grok ][main] Adding pattern {"SOPHOSLOG"=>"%{YEAR}:%{MONTHNUM}:%{MONTHDAY}-%{TIME} "}
[2021-03-24T09:08:27,134][DEBUG][logstash.filters.grok ][main] Adding pattern {"TOMCATSTDERRLOG"=>"%{MONTH} %{MONTHDAY}, %{YEAR} %{TIME} (AM|PM)"}
[2021-03-24T09:08:27,145][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?<JBOSSSERVERLOG:timestamp>%{MONTHDAY} %{MONTH} %{YEAR} %{TIME})
[2021-03-24T09:08:27,146][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]))
[2021-03-24T09:08:27,146][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:\b(?:J(?:a|ä)?n(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\b)
[2021-03-24T09:08:27,147][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:(?>\d\d){1,2})
[2021-03-24T09:08:27,148][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9]))
[2021-03-24T09:08:27,148][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:(?:2[0123]|[01]?[0-9]))
[2021-03-24T09:08:27,148][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:(?:[0-5][0-9]))
[2021-03-24T09:08:27,149][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?))
[2021-03-24T09:08:27,149][DEBUG][logstash.filters.grok ][main] replacement_pattern => (?<LOGLEVEL:log.level>([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?))
[2021-03-24T09:08:27,153][DEBUG][logstash.filters.grok ][main] Grok compiled OK {:pattern=>"%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}", :expanded_pattern=>"(?<JBOSSSERVERLOG:timestamp>(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])) (?:\\b(?:J(?:a|ä)?n(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b) (?:(?>\\d\\d){1,2}) (?:(?!<[0-9])(?:(?:2[0123]|[01]?[0-9])):(?:(?:[0-5][0-9]))(?::(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))(?![0-9]))) (?<LOGLEVEL:log.level>([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?))"}
[2021-03-24T09:08:27,215][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>12, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1500, "pipeline.sources"=>["/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf"], :thread=>"#<Thread:0x65e1261e run>"}
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,812][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-grok{"patterns_dir"=>["/Users/philipp/Downloads/logstash/pipeline/custompattern"], "match"=>["message", "%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"], "add_field"=>["received_at", "%{@timestamp}"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:11:5:```
grok {
patterns_dir => ["/Users/philipp/Downloads/logstash/pipeline/custompattern"]
match => [
"message","%{JBOSSSERVERLOG:timestamp} %{LOGLEVEL:log.level}"
]
add_field => ["received_at", "%{@timestamp}"]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@53e5cb12
[2021-03-24T09:08:27,989][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,990][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,990][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,990][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,990][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,992][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,992][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,992][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,992][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:27,993][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:28,003][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:28,004][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled conditional
[if (event.getField('[timestamp]')=~(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|June?|July?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@e0fde248
[2021-03-24T09:08:28,026][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,028][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,028][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,030][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,031][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,031][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,031][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,032][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,032][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,032][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,032][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,032][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"tag_on_failure"=>["english-datetime-error"], "match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS", "MMM dd, yyyy h:mm:ss a", "MMM dd, yyyy hh:mm:ss a", "MMM dd, yyyy hh:mm:ss,SSS a", "dd/MMM/yyyy:HH:mm:ss Z"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:19:7:```
date {
tag_on_failure => ["english-datetime-error"]
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS",
"MMM dd, yyyy h:mm:ss a",
"MMM dd, yyyy hh:mm:ss a",
"MMM dd, yyyy hh:mm:ss,SSS a",
"dd/MMM/yyyy:HH:mm:ss Z"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,046][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,048][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,048][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,048][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,049][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,049][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,048][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,052][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,054][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,060][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,063][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,065][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled filter
P[filter-date{"match"=>["timestamp", "dd MMM yyyy HH:mm:ss,SSS"]}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:31:7:```
date {
match => [
"timestamp",
"dd MMM yyyy HH:mm:ss,SSS"
]
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@8d7da797
[2021-03-24T09:08:28,078][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,078][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,079][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,080][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,080][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,080][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,081][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,081][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,081][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,084][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,088][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,089][DEBUG][org.logstash.config.ir.CompiledPipeline][main] Compiled output
P[output-stdout{"codec"=>"json"}|[file]/Users/philipp/Downloads/logstash-7.11.2/config/logstash-sample.conf:42:5:```
stdout{
codec => json
}
```]
into
org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
[2021-03-24T09:08:28,091][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>0.87}
[2021-03-24T09:08:28,304][INFO ][logstash.inputs.file ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/Users/philipp/Downloads/logstash-7.11.2/data/plugins/inputs/file/.sincedb_3181f68cb5c3fc4333df58ec4bd42702", :path=>["/Users/philipp/Downloads/logstash/log/demolog.log"]}
[2021-03-24T09:08:28,320][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-03-24T09:08:28,328][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:28,331][DEBUG][logstash.javapipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x65e1261e run>"}
[2021-03-24T09:08:28,355][INFO ][filewatch.observingtail ][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] START, creating Discoverer, Watch with file and sincedb collections
[2021-03-24T09:08:28,375][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-03-24T09:08:28,379][DEBUG][filewatch.sincedbcollection][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] open: reading from /Users/philipp/Downloads/logstash-7.11.2/data/plugins/inputs/file/.sincedb_3181f68cb5c3fc4333df58ec4bd42702
[2021-03-24T09:08:28,394][DEBUG][logstash.agent ] Starting puma
[2021-03-24T09:08:28,406][DEBUG][logstash.agent ] Trying to start WebServer {:port=>9600}
[2021-03-24T09:08:28,437][DEBUG][logstash.api.service ] [api-service] start
[2021-03-24T09:08:28,563][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2021-03-24T09:08:29,530][DEBUG][filewatch.sincedbcollection][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] writing sincedb (delta since last write = 1616573309)
[2021-03-24T09:08:29,763][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:29,868][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:29,870][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:33,330][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:34,784][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:34,880][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:34,890][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:38,328][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:39,789][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:39,899][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:39,900][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:43,329][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:44,609][DEBUG][filewatch.sincedbcollection][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] writing sincedb (delta since last write = 15)
[2021-03-24T09:08:44,795][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:44,910][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:44,923][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:48,331][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:49,800][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:49,930][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:49,931][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:53,331][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:54,806][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:54,940][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:54,940][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:08:58,329][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:08:59,659][DEBUG][filewatch.sincedbcollection][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] writing sincedb (delta since last write = 15)
[2021-03-24T09:08:59,809][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:08:59,946][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:08:59,948][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:03,331][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:09:04,816][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:09:04,955][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:09:04,956][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:08,327][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:09:09,822][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:09:09,965][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:09:09,965][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:11,748][DEBUG][filewatch.tailmode.handlers.grow][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] controlled_read get chunk
[2021-03-24T09:09:11,760][DEBUG][logstash.inputs.file ][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] Received line {:path=>"/Users/philipp/Downloads/logstash/log/demolog.log", :text=>"23 M\xC3\xA4r 2021 08:28:08,789 INFO additional log message"}
[2021-03-24T09:09:11,926][DEBUG][logstash.filters.grok ][main][c643bd5b27ad21ce338e1d2aeae905ecaec6e3fbd97b95fbdca8da8d84e5b278] Running grok filter {:event=>#<LogStash::Event:0x19c4177>}
[2021-03-24T09:09:11,967][DEBUG][logstash.util.decorators ][main][c643bd5b27ad21ce338e1d2aeae905ecaec6e3fbd97b95fbdca8da8d84e5b278] filters/LogStash::Filters::Grok: adding value to field {"field"=>"received_at", "value"=>["%{@timestamp}"]}
[2021-03-24T09:09:11,971][DEBUG][logstash.filters.grok ][main][c643bd5b27ad21ce338e1d2aeae905ecaec6e3fbd97b95fbdca8da8d84e5b278] Event now: {:event=>#<LogStash::Event:0x19c4177>}
{"timestamp":"23 Mär 2021 08:28:08,789","message":"23 Mär 2021 08:28:08,789 INFO additional log message","@timestamp":"2021-03-24T08:09:11.805Z","received_at":"2021-03-24T08:09:11.805Z","tags":["_dateparsefailure"],"log.level":"INFO","path":"/Users/philipp/Downloads/logstash/log/demolog.log","host":"TAG-499.local","@version":"1"}[2021-03-24T09:09:13,332][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:09:14,826][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:09:14,832][DEBUG][filewatch.sincedbcollection][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] writing sincedb (delta since last write = 15)
[2021-03-24T09:09:14,970][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:09:14,971][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:18,331][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:09:19,833][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:09:19,979][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:09:19,980][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:23,330][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:09:24,838][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:09:24,986][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:09:24,987][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:28,329][DEBUG][org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
[2021-03-24T09:09:29,843][DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu
[2021-03-24T09:09:29,886][DEBUG][filewatch.sincedbcollection][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] writing sincedb (delta since last write = 15)
[2021-03-24T09:09:29,995][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
[2021-03-24T09:09:29,997][DEBUG][logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
[2021-03-24T09:09:31,895][WARN ][logstash.runner ] SIGINT received. Shutting down.
[2021-03-24T09:09:31,916][DEBUG][logstash.instrument.periodicpoller.os] Stopping
[2021-03-24T09:09:31,923][DEBUG][logstash.instrument.periodicpoller.jvm] Stopping
[2021-03-24T09:09:31,924][DEBUG][logstash.instrument.periodicpoller.persistentqueue] Stopping
[2021-03-24T09:09:31,924][DEBUG][logstash.instrument.periodicpoller.deadletterqueue] Stopping
[2021-03-24T09:09:31,927][DEBUG][logstash.agent ] Shutting down all pipelines {:pipelines_count=>1}
[2021-03-24T09:09:31,932][DEBUG][logstash.agent ] Converging pipelines state {:actions_count=>1}
[2021-03-24T09:09:31,935][DEBUG][logstash.agent ] Executing action {:action=>LogStash::PipelineAction::Stop/pipeline_id:main}
[2021-03-24T09:09:31,951][DEBUG][logstash.javapipeline ] Closing inputs {:pipeline_id=>"main", :thread=>"#<Thread:0x65e1261e sleep>"}
[2021-03-24T09:09:31,954][DEBUG][logstash.inputs.file ] Stopping {:plugin=>"LogStash::Inputs::File"}
[2021-03-24T09:09:31,969][INFO ][filewatch.observingtail ] QUIT - closing all files and shutting down.
[2021-03-24T09:09:31,972][DEBUG][logstash.javapipeline ] Closed inputs {:pipeline_id=>"main", :thread=>"#<Thread:0x65e1261e sleep>"}
[2021-03-24T09:09:32,917][DEBUG][logstash.inputs.file ][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] Closing {:plugin=>"LogStash::Inputs::File"}
[2021-03-24T09:09:32,920][DEBUG][logstash.pluginmetadata ][main][011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b] Removing metadata for plugin 011c3222d4715af00506e1952db273d5229b5fff28d6251387d9b052fdd8e88b
[2021-03-24T09:09:32,923][DEBUG][logstash.javapipeline ][main] Input plugins stopped! Will shutdown filter/output workers. {:pipeline_id=>"main", :thread=>"#<Thread:0x65e1261e run>"}
[2021-03-24T09:09:32,930][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x44ecd413 run>"}
[2021-03-24T09:09:33,016][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x52579595 run>"}
[2021-03-24T09:09:33,018][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x2b16b310 dead>"}
[2021-03-24T09:09:33,020][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x399b35b6 dead>"}
[2021-03-24T09:09:33,021][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x6bacc843 dead>"}
[2021-03-24T09:09:33,021][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x2b9bbf12 dead>"}
[2021-03-24T09:09:33,022][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x300c32cb dead>"}
[2021-03-24T09:09:33,023][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x655d5813 dead>"}
[2021-03-24T09:09:33,024][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x71e3b3da dead>"}
[2021-03-24T09:09:33,026][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x2dd8b085 dead>"}
[2021-03-24T09:09:33,027][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x2338862b dead>"}
[2021-03-24T09:09:33,027][DEBUG][logstash.javapipeline ][main] Shutdown waiting for worker thread {:pipeline_id=>"main", :thread=>"#<Thread:0x3e7bdf06 dead>"}
[2021-03-24T09:09:33,029][DEBUG][logstash.filters.date ][main] Closing {:plugin=>"LogStash::Filters::Date"}
[2021-03-24T09:09:33,031][DEBUG][logstash.pluginmetadata ][main] Removing metadata for plugin cc24ef91d400591a4700a8205b3e844ddb8cec1ebcd39187733023fdeef9994a
[2021-03-24T09:09:33,032][DEBUG][logstash.filters.grok ][main] Closing {:plugin=>"LogStash::Filters::Grok"}
[2021-03-24T09:09:33,034][DEBUG][logstash.pluginmetadata ][main] Removing metadata for plugin c643bd5b27ad21ce338e1d2aeae905ecaec6e3fbd97b95fbdca8da8d84e5b278
[2021-03-24T09:09:33,035][DEBUG][logstash.filters.date ][main] Closing {:plugin=>"LogStash::Filters::Date"}
[2021-03-24T09:09:33,036][DEBUG][logstash.pluginmetadata ][main] Removing metadata for plugin dca5cfa43a615cfa6a7cda381c0e7f2eec4172490b60a985ec3ee37420ecb9ee
[2021-03-24T09:09:33,037][DEBUG][logstash.outputs.stdout ][main] Closing {:plugin=>"LogStash::Outputs::Stdout"}
[2021-03-24T09:09:33,038][DEBUG][logstash.pluginmetadata ][main] Removing metadata for plugin 0dcb731396e3a8aa16bcd138190d22118a1b42576e9d480ab0cf93ef4c026858
[2021-03-24T09:09:33,039][DEBUG][logstash.javapipeline ][main] Pipeline has been shutdown {:pipeline_id=>"main", :thread=>"#<Thread:0x65e1261e run>"}
[2021-03-24T09:09:33,041][INFO ][logstash.javapipeline ][main] Pipeline terminated {"pipeline.id"=>"main"}
[2021-03-24T09:09:33,236][FATAL][logstash.runner ] SIGINT received. Terminating immediately..
[2021-03-24T09:09:33,366][FATAL][org.logstash.Logstash ]
org.jruby.exceptions.ThreadKill: null
[2021-03-24T09:09:33,377][DEBUG][logstash.agent ] 2021-03-24 09:09:33 +0100: Listen loop error: #<NoMethodError: undefined method `first' for nil:NilClass>
/Users/philipp/Downloads/logstash-7.11.2/vendor/bundle/jruby/2.5.0/gems/puma-4.3.7-java/lib/puma/server.rb:384:in `handle_servers'
/Users/philipp/Downloads/logstash-7.11.2/vendor/bundle/jruby/2.5.0/gems/puma-4.3.7-java/lib/puma/server.rb:356:in `block in run'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment