Parsing: logs don't appear if parsing fails somewhere #230
Description
There are cases when parsing fails by some reason (new logs format used etc.) and we can't get any logs in Kibana and moreover there are no log messages in Logstash parser. The cases are different and can lead to the situation when some required fields are not parsed. Because of the missing of these fields logs can be drop, or stored to wrong index, or failed to store because of mappings etc.
This issue will collect cases that we occurred. The fix should be done considering these cases. In general it should be done with changing Logstash logging (to print important mistakes in parsing as warnings) and with making parsing scenario more smart. So that unparsed logs don't loose.
One possible case:
Currently we set ES index type as %{@type}. But some messages can be parsed with problems (e.g. old messages parsed with fail/timecop tag) and it can occur that @type field is not parsed, so ES index type is not defined for such messages.
We need to use some static type values for such messages. - either when calculating ES index type (this is more preferrable) or when defining @type field.