I have an ASA that record some vpn logs. those aren't included in the core-patterns. so I defined a simple patterns its seem to be working fine in testing envi which is running 5.1.1 logstash. but when moving the same config to prod which is running 5.0.0 I face the undesirable error.
Pipeline aborted due to error {:exception=>#<Grok::PatternError: pattern %{CISCOFW113008} not defined
are there any major differences with the 2 version of logstash.
a simple test
this is the pattern file
CISCOFW113008 %{CISCO_ACTION:action} : user = %{USER:user}
which also contain the actions required.
thanks