[Cisco Aironet]: Pipeline error - Grok expression missmatch #14666
Description
Integration Name
Cisco Aironet [cisco_aironet]
Dataset Name
cisco_aironet.log
Integration Version
1.16.0
Agent Version
8.18.3
Agent Output Type
elasticsearch
Elasticsearch Version
8.18.3
OS Version and Architecture
Red Hat Enterprise Linux release 8.10
Software/API Version
IOS XE 17.12.5
Error Message
Provided Grok expressions do not match field value: [<190>2371599: Jul 23 2025 14:31:54.468 UTC: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/3: wncd: Username entry (musterm8) joined with ssid (COMAPNY) for device with MAC: 1234.abcd.5678 on channel (1)]
Event Original
<190>2371599: Jul 23 2025 14:31:54.468 UTC: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/3: wncd: Username entry (musterm8) joined with ssid (COMAPNY) for device with MAC: 1234.abcd.5678 on channel (1)
What did you do?
I installed the integration and assigned it to a policy. No custom configuration of any kind was done.
listening on 0.0.0.0 on port 9009.
We are ingesting the logs over UDP
What did you see?
That the pipeline does not work
What did you expect to see?
a working ingest pipeline of the integration
Anything else?
I assume there does not need to be any custom configuration on the Appliance side, as there is no specific Setup section to follow.
PS.:A hint would be nice to point out that the port for the log destination can only be set via the CLI and not via the GUI on the Cisco side. Otherwise the Appliance is only able to send logs to port 514 and not 9009 as per default. -> https://community.cisco.com/t5/wireless/wlc-9800-syslog/td-p/4470660
PPS.:In the meantime I'll try to figure out the issue on the GROK pattern in question