mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-30 10:23:41 -04:00
f5910664b7
When Joni, the regex engine that powers grok emits a warning it does so by default to System.err. System.err logs are all bucketed together in the server log at WARN level. When Joni emits a warning, it can be extremely verbose, logging a message for each execution again that pattern. For ingest node that means for every document that is run that through Grok. Fortunately, Joni provides a call back hook to push these warnings to a custom location. This commit implements Joni's callback hook to push the Joni warning to the Elasticsearch server logger (logger.org.elasticsearch.ingest.common.GrokProcessor) at debug level. Generally these warning indicate a possible issue with the regular expression and upon creation of the Grok processor will do a "test run" of the expression and log the result (if any) at WARN level. This WARN level log should only occur on pipeline creation which is a much lower frequency then every document. Additionally, the documentation is updated with instructions for how to set the logger to debug level. |
||
|---|---|---|
| .. | ||
| append.asciidoc | ||
| bytes.asciidoc | ||
| circle.asciidoc | ||
| common-options.asciidoc | ||
| convert.asciidoc | ||
| csv.asciidoc | ||
| date-index-name.asciidoc | ||
| date.asciidoc | ||
| dissect.asciidoc | ||
| dot-expand.asciidoc | ||
| drop.asciidoc | ||
| enrich.asciidoc | ||
| fail.asciidoc | ||
| foreach.asciidoc | ||
| geoip.asciidoc | ||
| grok.asciidoc | ||
| gsub.asciidoc | ||
| html_strip.asciidoc | ||
| inference.asciidoc | ||
| join.asciidoc | ||
| json.asciidoc | ||
| kv.asciidoc | ||
| lowercase.asciidoc | ||
| pipeline.asciidoc | ||
| remove.asciidoc | ||
| rename.asciidoc | ||
| script.asciidoc | ||
| set-security-user.asciidoc | ||
| set.asciidoc | ||
| sort.asciidoc | ||
| split.asciidoc | ||
| trim.asciidoc | ||
| uppercase.asciidoc | ||
| url-decode.asciidoc | ||
| user-agent.asciidoc | ||