Logstash WILL NOT parse my files :`-(

custom URI_EXTRA pattern

# custom regex pattern for our URIs, allowing
# ampersands in the URL and ^s in the query string.

URI_EXTRA %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:(?:/[A-Za-z0-9$.+!*'(){},~:;=&@#%_\-]*)+(?:\?[A-Za-z0-9$.+!*'|(){},~@#%&\^/=:;_?\-\[\]]*)?)?

excerpt from logstash.conf

  } else if [path] =~ "drupal" {
    mutate { replace => { "type" => "drupal_syslog" } }
    grok {
      break_on_match => false
      match => [
        "message", "%{SYSLOGBASE} %{GREEDYDATA:syslog_message}"
      ]
    }
    grok {
      patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
      # break_on_match => false
      match => [
        "syslog_message", "%{URI:server}\|%{INT:unix_time}\|%{DATA:message_type}\|(%{IP:client})?\|%{URI_EXTRA:request}\|(%{URI_EXTRA:referer})?\|%{INT:uid}\|(%{DATA:link})?\|%{GREEDYDATA:log_message}"
      ]
    }
    grok {
      patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
      # break_on_match => false
      match => [
        "syslog_message", "%{DATA:message_type}\|(%{IP:client})?\|%{URI_EXTRA:request}\|(%{URI_EXTRA:referer})?\|%{INT:uid}\|(%{DATA:link})? %{GREEDYDATA:log_message}"
      ]
    }
    grok {
      patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
      # break_on_match => false
      match => [
        "syslog_message", "type=(%{QS:message_type}|%{DATA:message_type}) client=(%{IP:client})? request_uri=%{URI_EXTRA:request} referer=(%{URI_EXTRA:referer})? uid=%{INT:uid} link=(%{QS:link}|%{DATA:link})? message=%{GREEDYDATA:log_message}"
      ]
    }

Previously I have tried:

} else if [path] =~ "drupal" {
mutate { replace => { "type" => "drupal_syslog" } }
grok {
  patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
  break_on_match => false
  match => {
    "message" => "%{SYSLOGBASE} %{URI:server}\|%{INT:unix_time}\|%{DATA:message_type}\|(%{IP:client})?\|%{URI_EXTRA:request}\|(%{URI_EXTRA:referer})?\|%{INT:uid}\|(%{DATA:link})?\|%{GREEDYDATA:log_message}"
  }
}
grok {
  patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
  break_on_match => false
  match => {
    "message" => "%{SYSLOGTIMESTAMP:timestamp} %{HOST} %{SYSLOGPROG}: %{DATA:message_type}\|(%{IP:client})?\|%{URI_EXTRA:request}\|(%{URI_EXTRA:referer})?\|%{INT:uid}\|(%{DATA:link})? %{GREEDYDATA:log_message}"
  }
}
grok {
  patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
  break_on_match => false
  match => {
    "message" => "%{SYSLOGTIMESTAMP:timestamp} %{HOST} %{SYSLOGPROG}: type=(%{QS:message_type}|%{DATA:message_type}) client=(%{IP:client})? request_uri=%{URI_EXTRA:request} referer=(%{URI_EXTRA:referer})? uid=%{INT:uid} link=(%{QS:link}|%{DATA:link})? message=%{GREEDYDATA:log_message}"
  }
}

with little success as well :-(

And before that I had all the "message" patterns in one match hash...

} else if [path] =~ "drupal" {
mutate { replace => { "type" => "drupal_syslog" } }
grok {
  patterns_dir => "/Users/drewrobinson/Development/elk/logstash/patterns"
  break_on_match => false
  match => {
    "message" => "%{SYSLOGBASE} %{URI:server}\|%{INT:unix_time}\|%{DATA:message_type}\|(%{IP:client})?\|%{URI_EXTRA:request}\|(%{URI_EXTRA:referer})?\|%{INT:uid}\|(%{DATA:link})?\|%{GREEDYDATA:log_message}"
    "message" => "%{SYSLOGTIMESTAMP:timestamp} %{HOST} %{SYSLOGPROG}: %{DATA:message_type}\|(%{IP:client})?\|%{URI_EXTRA:request}\|(%{URI_EXTRA:referer})?\|%{INT:uid}\|(%{DATA:link})? %{GREEDYDATA:log_message}"
    "message" => "%{SYSLOGTIMESTAMP:timestamp} %{HOST} %{SYSLOGPROG}: type=(%{QS:message_type}|%{DATA:message_type}) client=(%{IP:client})? request_uri=%{URI_EXTRA:request} referer=(%{URI_EXTRA:referer})? uid=%{INT:uid} link=(%{QS:link}|%{DATA:link})? message=%{GREEDYDATA:log_message}"
  }
}

but that didn't grab them all either, though I was getting the first one to work then...

And I've tried with break_on_match as false and true

Changed the grok config to the above and it's not matching anything, yay.