You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@metron.apache.org by Girish N <gi...@gmail.com> on 2017/09/13 14:18:42 UTC

Move to Inbox More 1 of 6 java.lang.IllegalStateException: Grok parser Error: Grok statement produced a null messag

Hello All,

I have been working on apache metron and i am stuck with the below
exceptions. Kindly assist.

Sample log
<134>Sep 12 14:58:03 filterlog: 71,,,0,rl0,match,pass,out,4,
0x0,,64,61921,0,none,17,udp,65,106.51.70.92,8.8.8.8,5845,53,45

Grok pattern - tested in http://grokconstructor.appspot.com/do/match#result
<%{POSINT:PORT}>+%{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host}:
%{GREEDYDATA:msg}

Parser config
{
"parserClassName": "org.apache.metron.parsers.GrokParser",
"sensorTopic": "log",
"parserConfig": {
"grokPath": "/patterns/log",
"patternLabel": "SYS_DELIMITED"
}}


When i start the parser topology, I could see the below exceptions in
worker log and in Storm UI.

2017-09-13 12:04:24.396 o.a.m.p.GrokParser [ERROR] Grok statement produced
a null message. Original message was: <134>Sep 12 16:58:03 filterlog:
71,,,0,rl0,match,pass,out,4,0x0,,64,61921,0,none,17,udp,
65,106.51.70.92,8.8.8.8,5845,53,45 and the parsed message was: {} . Check
the pattern at: /patterns/log
java.lang.RuntimeException: Grok statement produced a null message.
Original message was: <134>Sep 12 16:58:03 filterlog:
71,,,0,rl0,match,pass,out,4,0x0,,64,61921,0,none,17,udp,
65,106.51.70.92,8.8.8.8,5845,53,45 and the parsed message was: {} . Check
the pattern at: /patterns/log
    at org.apache.metron.parsers.GrokParser.parse(GrokParser.java:152)
[stormjar.jar:?]
    at org.apache.metron.parsers.interfaces.MessageParser.
parseOptional(MessageParser.java:45) [stormjar.jar:?]
    at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:133)
[stormjar.jar:?]
    at org.apache.storm.daemon.executor$fn__7953$tuple_
action_fn__7955.invoke(executor.clj:728) [storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.daemon.executor$mk_task_receiver$fn__7874.invoke(executor.clj:461)
[storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.disruptor$clojure_handler$reify__7390.onEvent(disruptor.clj:40)
[storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:439)
[storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:418)
[storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
[storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.daemon.executor$fn__7953$fn__7966$fn__8019.invoke(executor.clj:847)
[storm-core-1.0.1.jar:1.0.1]
    at org.apache.storm.util$async_loop$fn__625.invoke(util.clj:484)
[storm-core-1.0.1.jar:1.0.1]
    at clojure.lang.AFn.run(AFn.java:22) [clojure-1.7.0.jar:?]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101]


Sometimes i get the Topic name cannot be null exceptions when i start the
parser topology, could you please let me know why this happens.

Best Regards
Girish N