Upgrade to LS 1.5.5 breaks my config


(Tim Dunphy) #1

Hey all,

I had a config that was working just fine under Logstash 1.5.4. But I just upgraded to version 1.5.5, and now LS won't run correctly. No data is showing up in Kibana, where before the upgrade data was showing up fine.

And I now see this error showing up in the logstash.log:

{:timestamp=>"2015-11-15T21:22:13.276000-0500", :message=>"The error reported is: \n  pattern %{HOST:jf_host} not defined"}
{:timestamp=>"2015-11-15T21:23:42.256000-0500", :message=>"The error reported is: \n  pattern %{HOST:jf_host} not defined"}

That's a new error since the upgrade!

This is the field in my config that LS is now complaining about:

%{HOST:jf_host}

Here's what the entire grok filter looks like:

grok {
    match => { 'message' => '%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOST:jf_host} %{SYSLOGPROG:appname_pid}: %{GREEDYDATA:log_message}' }
}

So why would this setup be fine under 1.5.4, but not version 1.5.5? And how can I fix this so I get my setup working again?


#2

HOST used to be an alias for HOSTNAME, and under 2.0 at least, this has been removed. It looks like the same issue for 1.5.5, from what you're describing.

Try %{HOSTNAME:jf_host} instead.
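
A pre-upgrade check for the failure in this thread, as an added example that is not part of the original posts or of Logstash itself: it lists every `%{NAME}` reference in a config that the available pattern set does not define. The helper names, the wrapping filter block and the simplified pattern definitions are constructed for illustration.

```ruby
require 'set'

# Grok references look like %{NAME}, %{NAME:field} or %{NAME:field:type}.
GROK_REF = /%\{(\w+)(?::[^}]*)?\}/

# Pattern files hold one "NAME regex" definition per line; '#' starts a comment.
def defined_patterns(patterns_text)
  names = Set.new
  patterns_text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    names << line.split(/\s+/, 2).first
  end
  names
end

# Returns [line_number, pattern_name] for every reference not in `known`.
def undefined_refs(text, known)
  missing = []
  text.each_line.with_index(1) do |line, lineno|
    line.scan(GROK_REF).flatten.each do |name|
      missing << [lineno, name] unless known.include?(name)
    end
  end
  missing
end

# Constructed pattern-file excerpt; the regex bodies are simplified stand-ins.
SAMPLE_PATTERNS = <<~'PAT'
  # HOST is absent, as in the release discussed in this thread
  SYSLOGTIMESTAMP \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}
  HOSTNAME [0-9A-Za-z][0-9A-Za-z.-]*
  PROG [\w._/%-]+
  SYSLOGPROG %{PROG:program}(?:\[\d+\])?
  GREEDYDATA .*
PAT

# The grok filter from the question, wrapped in a constructed filter block.
SAMPLE_CONFIG = <<~'CONF'
  filter {
    grok {
      match => { 'message' => '%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOST:jf_host} %{SYSLOGPROG:appname_pid}: %{GREEDYDATA:log_message}' }
    }
  }
CONF

if __FILE__ == $0
  known = defined_patterns(SAMPLE_PATTERNS)
  undefined_refs(SAMPLE_CONFIG, known).each do |lineno, name|
    puts "line #{lineno}: pattern %{#{name}} not defined"
  end
end
```

Passing a pattern file itself as the first argument to `undefined_refs` also catches definitions that reference a removed pattern.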


(Tim Dunphy) #3

Yup! That was it. Love the responsiveness of this board! Works now.

Thanks!

