Same pattern file gives pattern not define for only one pattern

SashaAlex · June 4, 2018, 7:15am

I have following pattern file.
CPAT ([\w-]+)
FRDOM ([\w-]+)
DEVC ([\w]+)

I had given permission for pattern file. but it gives the following error.

Pipeline aborted due to error {:exception=>#<Grok::PatternError: pattern %{CPAT:devicename} not defined>

my filter is like this.
grok{
patterns_dir => ["/etc/logstash/pattern.d"]
match => { "message" => "%{CISCOTIMESTAMP:timestamp} %{IP:serverip}.%%{DEVC:dev}.%{DEVC:devnum}.%{DEVC:status}: Device('%{CPAT:devicename}'/'%{CPAT:device}'/%{CPAT:devicemac}. at %{FRDOM:dom}.'%{FRDOM:rfdomain}" }
}

Badger · June 4, 2018, 2:59pm

In 6.2.4, with that filter (provided you add a backslash between Device and the parenthesis) I do not get an error. Can you re-post the match line from the grok filter with 4 leading spaces like this:

match => { "message" => "%{CISCOTIMESTAMP:timestamp} %{IP:serverip}.%%{DEVC:dev}.%{DEVC:devnum}.%{DEVC:status}: Device\('%{CPAT:devicename}'/'%{CPAT:device}'/%{CPAT:devicemac}. at %{FRDOM:dom}.'%{FRDOM:rfdomain}" }

BTW, do you really want %% before the first DEVC?

Topic		Replies	Views
Custom GROK Patterns not work Logstash	5	11699	May 22, 2017
Pattern not defined even though the first matches Logstash	2	1162	September 4, 2017
Pipeline aborted due to error PatternError.pattern not defined Logstash	4	5325	November 4, 2022
Pattern not defined grok error Elastic Stack	1	407	November 4, 2022
Grok isn't loading patterns Logstash	5	3038	October 12, 2017

Same pattern file gives pattern not define for only one pattern

Related topics