Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Storm parserBolt error java.lang.IllegalStateException: Grok parser Error: Grok statement produced a null message.

Highlighted

Storm parserBolt error java.lang.IllegalStateException: Grok parser Error: Grok statement produced a null message.

New Contributor

I have follow below listed steps to created syslog pattern and parser but at storm ui it give me error :

(1) Sample syslog is receiving successfully from Nifi to Kafka

<30>Aug 1 15:00:01 localhost systemd: Starting Session 12 of user root.

(2) Than Created pattern at /usr/metron/0.4.0/patterns/common2 as below:

COMMON2_DELIMITED <%{NUMBER:queue_id}>+%{SYSLOGTIMESTAMP:timestamp2}(?:%{SYSLOGFACILITY} )? %{IPORHOST} %{SYSLOGPROG}: %{GREEDYDATA:msg}

(3) Than Created parser at /usr/metron/0.4.0/config/zookeeper/parsers/common2.json as below:

{ "parserClassName": "org.apache.metron.parsers.GrokParser", "sensorTopic": "common2", "parserConfig": { "grokPath": "/apps/metron/patterns/common2", "patternLabel": "COMMON2_DELIMITED", "timestampField": "timestamp2" } }

(4) Than push & dump using below commands

[root@node1 ~]# /usr/metron/0.4.0/bin/zk_load_configs.sh -i /usr/metron/0.4.0/config/zookeeper -m PUSH -z node2:2181 [root@node1 ~]# /usr/metron/0.4.0/bin/zk_load_configs.sh -m DUMP -z node2:2181

But at Storm UI it gives me error as below:

java.lang.IllegalStateException: Grok parser Error: Grok statement produced a null message. Original message was: <30>Aug 3 02:10:01 localhost systemd: Starting user-0.slice. and the parsed message was: {} . Check the pattern at: /apps/metron/patterns/common2 on <30>Aug 3 02:10:01 localhost systemd: Starting user-0.slice. at org.apache.metron.parsers.GrokParser.parse(GrokParser.java:174) at org.apache.metron.parsers.interfaces.MessageParser.parseOptional(MessageParser.java:45) at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:133) at org.apache.storm.daemon.executor$fn__6573$tuple_action_fn__6575.invoke(executor.clj:734) at org.apache.storm.daemon.executor$mk_task_receiver$fn__6494.invoke(executor.clj:466) at org.apache.storm.disruptor$clojure_handler$reify__6007.onEvent(disruptor.clj:40) at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:451) at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:430) at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73) at org.apache.storm.daemon.executor$fn__6573$fn__6586$fn__6639.invoke(executor.clj:853) at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) at clojure.lang.AFn.run(AFn.java:22) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.RuntimeException: Grok statement produced a null message. Original message was: <30>Aug 3 02:10:01 localhost systemd: Starting user-0.slice. and the parsed message was: {} . Check the pattern at: /apps/metron/patterns/common2 at org.apache.metron.parsers.GrokParser.parse(GrokParser.java:152) ... 12 more

Kindly help me to resolve this issue.

Don't have an account?
Coming from Hortonworks? Activate your account here