I am trying to add a Grok pattern for standard cloudfront logs:
%{DATE:date}\s%{TIME:time}\s%{DATA:x_edge_location}\s%{INT:sc_bytes:int}\s%{IP:client_ip}\s%{WORD:cs_method}\s%{HOSTNAME:cs_host}\s%{NOTSPACE:cs_uri_stem}\s%{INT:sc_status:int}\s%{DATA:cs_referer}\s%{DATA:cs_user_agent}\s%{DATA:cs_uri_query}\s%{DATA:cs_cookie}\s%{DATA:x_edge_result_type}\s%{DATA:x_edge_request_id}\s%{DATA:x_host_header}\s%{INT:cs_protocol:int}\s%{INT:cs_bytes:int}\s%{NUMBER:time_taken:float}\s%{DATA:x_forwarded_for}\s%{DATA:ssl_protocol}\s%{DATA:ssl_cipher}\s%{INT:x_edge_response_result_type:int}\s%{DATA:cs_protocol_version}\s%{DATA:fle_status}\s%{DATA:fle_encrypted_fields}\s%{INT:c_port:int}\s%{DATA:time_to_first_byte}\s%{DATA:x_edge_detailed_result_type}\s%{DATA:sc_content_type}\s%{DATA:sc_content_len}\s%{DATA:sc_range_start}\s%{DATA:sc_range_end}
However I am getting error message:
{"message":"Grok pattern cannot be compiled.","code":"InvalidInputException","time":"2023-05-04T14:58:30.719Z","requestId":"884ba448-8975-4cab-9ec7-992cbb13f5e8","statusCode":400,"retryable":false}
