After enabling multiline.pattern, filebeat service not starting

Elastic Stack Beats
1

Hi Team,
There is requirement of shipping multiple lines of logs to elasticsearch. Here is the configuration which i placed in filebeat.yml file.

=============

  • type: docker
    combine_partial: true
    containers:
    path: "/var/lib/docker/containers"
    stream: "stdout"
    ids:
    - ""
    multiline.pattern: '.    [.((\n.){50})'

    multiline.negate: false

    multiline.match: before

========================
After updating above configurations, filebeat service is not starting. Can you please advice to fix the issue.

Thanks in Advance.

Regards,
Bhaskar.

2

Are you seeing any errors or warnings in the Filebeat logs after trying to restart it?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.