Skip to content

Instantly share code, notes, and snippets.

@robinsmidsrod

robinsmidsrod/error_message.txt

Created July 1, 2014 11:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save robinsmidsrod/95037e2e9b4a23d05f72 to your computer and use it in GitHub Desktop.
Save robinsmidsrod/95037e2e9b4a23d05f72 to your computer and use it in GitHub Desktop.
Download ZIP
Logstash configuration error when using if test with regular expression
Raw
error_message.txt
# /opt/logstash/bin/logstash -t -f logstash.conf
SyntaxError: (eval):164: syntax error, unexpected tRPAREN
if (((event["[syslog_program]"] =~ /^postfix//)))
^
eval at org/jruby/RubyKernel.java:1121
initialize at /opt/logstash/lib/logstash/pipeline.rb:28
execute at /opt/logstash/lib/logstash/agent.rb:112
run at /opt/logstash/lib/logstash/runner.rb:168
call at org/jruby/RubyProc.java:271
initialize at /opt/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.17/lib/stud/task.rb:12
Raw
logstash.conf
if [syslog_program] =~ "^postfix/" {
grok {
# Convert combined postfix program name into separate parts
match => [ "syslog_program", "^postfix/%{GREEDYDATA:postfix_program}" ]
add_tag => [ "grokked" ]
}
if "grokked" in [tags] {
mutate {
# Set syslog_program to "postfix" if tagged and grokked
replace => [ "syslog_program", "postfix" ]
remove_tag => [ "grokked" ]
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment