Skip to content

Commit

Permalink
Fix redundant operator in activemq ingest pipeline (#17428) (#17440)
Browse files Browse the repository at this point in the history
Grok processor has a redundant `*` operator in a regular expression,
which causes the following warning to be printed to the Elasticsearch
logs every time the pipeline is loaded:

```
regular expression has redundant nested repeat operator * /(?<TIMESTAMP_ISO8601:timestamp>(?:(?>\d\d){1,2})-(?:(?:0?[1-9]|1[0-2]))-(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]))[T ](?:(?:2[0123]|[01][0-9])):?(?:(?:[0-5][0-9]))(?::?(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))?(?:(?:Z|[+-](?:(?:2[0123]|[01]?[0-9]))(?::?(?:(?:[0-5][0-9])))))?)(?:\s*)\|(?:\s*)(?<LOGLEVEL:log.level>([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?))(?:\s*)\|(?:\s*)(?<NOPIPEGREEDYDATA:message>((?! \|).)*)(?:\s*)\|(?:\s*)(?<NOPIPEGREEDYDATA:activemq.caller>((?! \|).)*)(?:\s*)\|(?:\s*)(?<THREAD_NAME:activemq.thread>((?!
).)*)(?:\s*)?(?<GREEDYMULTILINE:activemq.log.stack_trace>(.|\n|\t)*)/
```

(cherry picked from commit 543a5f4)
  • Loading branch information
adriansr authored Apr 6, 2020
1 parent 33daf30 commit 3aa2f36
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fixed MySQL slowlog module causing "regular expression has redundant nested repeat operator" warning in Elasticsearch. {issue}17086[17086] {pull}17156[17156]
- Fix `elasticsearch.audit` data ingest pipeline to be more forgiving with date formats found in Elasticsearch audit logs. {pull}17406[17406]
- CEF: Fixed decoding errors caused by trailing spaces in messages. {pull}17253[17253]
- Fixed activemq module causing "regular expression has redundant nested repeat operator" warning in Elasticsearch. {pull}17428[17428]

*Heartbeat*

Expand Down
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/activemq/log/ingest/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ processors:
NOPIPEGREEDYDATA: "((?! \\|).)*"
THREAD_NAME: "((?! \n).)*"
patterns:
- "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}\\|%{SPACE}%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:activemq.caller}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}%{SPACE}?%{GREEDYMULTILINE:activemq.log.stack_trace}"
- "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}\\|%{SPACE}%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{NOPIPEGREEDYDATA:activemq.caller}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}%{SPACE}%{GREEDYMULTILINE:activemq.log.stack_trace}"
ignore_missing: true
- date:
if: "ctx.event.timezone == null"
Expand Down

0 comments on commit 3aa2f36

Please sign in to comment.