You configuration have error. The grok match field is message
, instead of message1
.
Then, at logstash grok page there is an example to show how to use grok. I think you have misunderstand. For example, if your log is
55.3.244.1 GET /index.html 15824 0.043
The grok pattern for logstash is
%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}
For %{IP:client}
, The first parameter (IP) is grok pattern, the second parameter(client) is the field you want to put this message.