Upgrade to LS 1.5.5 breaks my config

bluethundr · November 16, 2015, 2:28am

Hey all,

I had a config that was working just fine under Logstash 1.5.4. But I just upgraded to version 1.5.5, and now LS won't run correctly. No data is showing up in Kibana, where before the upgrade data was showing up fine.

And I now see this error showing up in the logstash.log:

{:timestamp=>"2015-11-15T21:22:13.276000-0500", :message=>"The error reported is: \n  pattern %{HOST:jf_host} not defined"}
{:timestamp=>"2015-11-15T21:23:42.256000-0500", :message=>"The error reported is: \n  pattern %{HOST:jf_host} not defined"}

That's a new error since the upgrade!

This is the field in my config that LS is now complaining about:

%{HOST:jf_host}

Here's what the entire grok filter looks like:

 grok {
            match => { 'message' => '%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOST:jf_host} %{SYSLOGPROG:appname_pid}: %{GREEDYDATA:log_message}'}
        }

So why would this setup be fine under 1.5.4, but not version 1.5.5? And how can I fix this so I get my setup working again?

ceekay · November 16, 2015, 2:37am

HOST used to be an alias for HOSTNAME, and under 2.0 at least, this has been removed. It looks like the same issue for 1.5.5, from what you're describing.

Try %{HOSTNAME:jf_host} instead.

bluethundr · November 16, 2015, 2:45am

Yup! That was it. Love the responsiveness of this board! Works now.

Thanks!

Topic		Replies	Views
Upgrade from 1.5 to 2.0: Pattern not defined Logstash	8	5596	July 6, 2017
Logstash doesn't parse logs after upgrading from 1.5.x to 6.5.x Logstash	3	417	December 31, 2018
Trouble with ESXI filters in logstash Logstash	5	2459	July 6, 2017
Logstash index template Logstash	6	1404	December 29, 2017
Logstash is not breaking the logs Logstash	3	867	November 5, 2018

Upgrade to LS 1.5.5 breaks my config

Related topics