message 匹配不上grok正则 也会写入到elasticsearch

{
       "message" => "scan test 20161201",
      "@version" => "1",
    "@timestamp" => "2016-12-01T05:17:39.018Z",
          "path" => "/data01/gw/gw-app1-192.168.5.116-2016-12-01",
          "host" => "Vsftp",
          "type" => "gw-app-iis",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}


即使logstash 匹配不上,也会写入到elasticsearch