WARN log messages for failed matches are noisy

[joshuar]

When using a lot of different dissect filters, in particular, where all of these are matching against a single event, the warning messages from failed matches spams the log with messages of the following:

[2018-09-20T14:00:14,305][WARN ][org.logstash.dissect.Dissector] Dissector mapping, field not found in event {"field"=>"somefield", "event"=>{"host"=>"ludicra", "@timestamp"=>2018-09-20T04:00:14.108Z, "@version"=>"1", "message"=>"sdgasdg"}}

There is one of these messages for each failed match. On a busy server with lots of patterns, this adds up. Can we reduce the level of these messages to DEBUG to avoid spamming the logs?

[guyboertje]

Sure. I can do that. I think it is a bug as that warning is supposed to be rare. I fixed it while implementing a POC of sequencing.
Be aware, though, the addition of sequencing should ameliorate the need for multiple dissects.

[seang-es]

This has a performance impact as well. Some users are seeing a perf hit from all the additional logging. When the Logstash logs were diverted to /dev/null, dissect was much faster than grok, but when the failures were sent to the log file they were about the same.