Upgrade to LS 1.5.5 breaks my config

Hey all,

I had a config that was working just fine under Logstash 1.5.4. But I just upgraded to version 1.5.5, and now LS won't run correctly. No data is showing up in Kibana, where before the upgrade data was showing up fine.

And I now see this error showing up in the logstash.log:

{:timestamp=>"2015-11-15T21:22:13.276000-0500", :message=>"The error reported is: \n  pattern %{HOST:jf_host} not defined"}
{:timestamp=>"2015-11-15T21:23:42.256000-0500", :message=>"The error reported is: \n  pattern %{HOST:jf_host} not defined"}

That's a new error since the upgrade!

This is the field in my config that LS is now complaining about:


Here's what the entire grok filter looks like:

 grok {
            match => { 'message' => '%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOST:jf_host} %{SYSLOGPROG:appname_pid}: %{GREEDYDATA:log_message}'}

So why would this setup be fine under 1.5.4, but not version 1.5.5? And how can I fix this so I get my setup working again?

HOST used to be an alias for HOSTNAME, and under 2.0 at least, this has been removed. It looks like the same issue for 1.5.5, from what you're describing.

Try %{HOSTNAME:jf_host} instead.

Yup! That was it. Love the responsiveness of this board! Works now.