Pipeline aborted due to error.PatternError: pattern %{REMOTEIP:remoteip} not defined>

here is my config file

input {
file {
path => "/log/apache-log/access_log"
type => "accesslogs"
}
}

filter {
if [type] == "accesslogs" {
grok {
patterns_dir => "/opt/elastic/logstash/patterns/"
match => { "message" => "'%{REMOTEIP:remoteip}'?%{IGNORE:ignore}? +%{IP:cdnip} %{USER:logname} %{USER:username} [%{HTTPDATE:timestamp}] "%{WORD:method} %{DATA:url} HTTP/%{NUMBER:version}" %{NUMBER:status} %{SIZE:size} "%{DATA:referer}" "%{DATA:useragent}" %{NOTSPACE:session} %{NOTSPACE:domain} %{NUMBER:seconds}/%{NUMBER:microsecs}" }
remove_field => ["logname","username","version","@version","message","path","ignore"]
}
date {
match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
remove_field => [ "timestamp" ]
}
grok {
match => { "url" => "%{URIPATH:api}??%{GREEDYDATA:payload}?" }
remove_field => ["url"]
}
kv {
source => "payload"
allow_duplicate_values => false
field_split => "&?"
include_keys => [ "aid", "h","ct" ]
}
urldecode {
all_fields=>true
charset=>"UTF-8"
}
#supported in logstash version 6+
kv {
source => "iBeatField"
allow_duplicate_values => false
field_split_pattern => "\-\-"
remove_field => ["undefined","undefined HTTP/1.1"]
}
if [size] == "-" {
mutate {
replace => [ "size", "0" ]
}
}
if [ct] == "undefined" {
mutate {
replace => [ "ct", "-1" ]
}
}
}
}

output {
stdout {}
}

and here's the error

[2019-09-23T15:24:59,701][ERROR][logstash.javapipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Grok::PatternError: pattern %{REMOTEIP:remoteip} not defined>, :backtrace=>["/opt/elastic/logstash-7.3.2/vendor/bundle/jruby/2.5.0/gems/jls-grok-0.11.5/lib/grok-pure.rb:123:in block in compile'", "org/jruby/RubyKernel.java:1425:inloop'", "/opt/elastic/logstash-7.3.2/vendor/bundle/jruby/2.5.0/gems/jls-grok-0.11.5/lib/grok-pure.rb:93:in compile'", "/opt/elastic/logstash-7.3.2/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.1.1/lib/logstash/filters/grok.rb:274:inblock in register'", "org/jruby/RubyArray.java:1792:in each'", "/opt/elastic/logstash-7.3.2/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.1.1/lib/logstash/filters/grok.rb:268:inblock in register'", "org/jruby/RubyHash.java:1419:in each'", "/opt/elastic/logstash-7.3.2/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.1.1/lib/logstash/filters/grok.rb:263:inregister'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:56:in register'", "/opt/elastic/logstash-7.3.2/logstash-core/lib/logstash/java_pipeline.rb:192:inblock in register_plugins'", "org/jruby/RubyArray.java:1792:in each'", "/opt/elastic/logstash-7.3.2/logstash-core/lib/logstash/java_pipeline.rb:191:inregister_plugins'", "/opt/elastic/logstash-7.3.2/logstash-core/lib/logstash/java_pipeline.rb:463:in maybe_setup_out_plugins'", "/opt/elastic/logstash-7.3.2/logstash-core/lib/logstash/java_pipeline.rb:204:instart_workers'", "/opt/elastic/logstash-7.3.2/logstash-core/lib/logstash/java_pipeline.rb:146:in run'", "/opt/elastic/logstash-7.3.2/logstash-core/lib/logstash/java_pipeline.rb:105:inblock in start'"], :thread=>"#<Thread:0x52fe5074 run>"}
[2019-09-23T15:24:59,709][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}

please help asap

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.