metron-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tkg_cangkul <yuza.ras...@gmail.com>
Subject Re: failed grok parser metron squid
Date Mon, 13 Feb 2017 10:59:20 GMT
hi zeolla,

this is the output of hdfs cat command :



i've test it with this http://grokconstructor.appspot.com/do/match#result
and the result was match





On 13/02/17 17:54, Zeolla@GMail.com wrote:
>
> You appear to be missing a final }.  Does it work with the standard 
> grok pattern from the tutorial?  Can you show the output of:
> hadoop fs -cat /apps/metron/patterns/squid
>
> Jon
>
>
> On Mon, Feb 13, 2017, 5:28 AM tkg_cangkul <yuza.rasfar@gmail.com 
> <mailto:yuza.rasfar@gmail.com>> wrote:
>
>     hi i've try to add new telemetry data source with squid by
>     following this tutorial :
>
>     https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source
>
>     but when i start parser topology squid i've found some error
>     message like this :
>
>
>
>     i've check that file on hdfs. this is the value of that file :
>
>     SQUID_DELIMITED %{NUMBER:timestamp}  %{INT:elapsed}
>     %{IPV4:ip_src_addr} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes}
>     %{WORD:method} %{NOTSPACE:url} -
>     %{WORD:UNWANTED}\/%{IPV4:ip_dst_addr}
>     %{WORD:UNWANTED}\/%{WORD:UNWANTED
>
>     pls give me your suggestion.
>
>     Thanks before.
>
> -- 
>
> Jon
>
> Sent from my mobile device
>


Mime
View raw message