Unable to parse the datetime in Metron using Grok Parser

I get the following error when trying to parse a date field from my log.

Here is a sample log:

10.10.10.10 - - [29/Jan/2018:06:02:41 -0600] "GET /f2c08g-bikec1089u5ba.html HTTP/1.1" 200 42887 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

My config is:

"parserConfig": { "grokPath": "/apps/metron/patterns/accesslog", "patternLabel": "ACCESSLOG", "timestampField": "timestamp", "timeFields": "[timestamp]", "dateFormat": "dd/MMM/yyyy:HH:mm:ss Z" }.

My Grok statement is:

%{IPORHOST:ip_src_addr} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QUOTEDSTRING:referrer} %{QUOTEDSTRING:agent}

The error I get:

java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
    at org.apache.metron.parsers.GrokParser.configure(GrokParser.java:62)
    at org.apache.metron.rest.service.impl.SensorParserConfigServiceImpl.parseMessage(SensorParserConfigServiceImpl.java:167)

I've tried different date formats, and I'm still having the same issue.
Any ideas on what the problem could be?

Re: Unable to parse the datetime in Metron using Grok Parser

Hi, did you ever manage to fix this? We're having the same issue.
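
An added example, not part of the original thread and not Metron code: the exception reports a String where GrokParser.configure() expected a List, and in the posted parserConfig the value of timeFields is the quoted string "[timestamp]" rather than a JSON array. The check below assumes timeFields is the value being cast (the helper names are hypothetical); it flags the type mismatch, rewrites the value as ["timestamp"], and confirms that a Python equivalent of the posted dateFormat matches the sample timestamp.

```python
import json
from datetime import datetime

# parserConfig exactly as posted in the question.
POSTED = """{ "grokPath": "/apps/metron/patterns/accesslog",
  "patternLabel": "ACCESSLOG", "timestampField": "timestamp",
  "timeFields": "[timestamp]", "dateFormat": "dd/MMM/yyyy:HH:mm:ss Z" }"""
POSTED_CFG = json.loads(POSTED)

# Assumption: timeFields is the value cast to java.util.List in configure().
LIST_KEYS = ("timeFields",)


def type_problems(cfg):
    """List every key whose JSON type would fail a cast to List."""
    problems = []
    for key in LIST_KEYS:
        value = cfg.get(key)
        if value is not None and not isinstance(value, list):
            problems.append(
                f"{key}: expected array, got {type(value).__name__} {value!r}")
    return problems


def repair(cfg):
    """Return a copy where bracketed strings like "[a, b]" become real lists."""
    fixed = dict(cfg)
    for key in LIST_KEYS:
        value = fixed.get(key)
        if isinstance(value, str):
            items = value.strip().strip("[]").split(",")
            fixed[key] = [i.strip().strip("\"'") for i in items if i.strip()]
    return fixed


def httpdate_to_epoch_ms(text):
    """Python equivalent of the posted dateFormat dd/MMM/yyyy:HH:mm:ss Z."""
    parsed = datetime.strptime(text, "%d/%b/%Y:%H:%M:%S %z")
    return int(parsed.timestamp() * 1000)


if __name__ == "__main__":
    print(type_problems(POSTED_CFG))
    print(json.dumps(repair(POSTED_CFG), indent=2))
    # Timestamp taken from the sample log line in the question.
    print(httpdate_to_epoch_ms("29/Jan/2018:06:02:41 -0600"))
```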