Codec multiline

uma_rengasamy · August 14, 2019, 12:50pm

Can we add below codec => multiline in filter section ?

if [sourcetype =~ /error/]
{
codec => multiline {
pattern => "(^%{TOMCAT_DATESTAMP})|(^%{CATALINA_DATESTAMP})"
negate => true
what => "previous"
}
}

Badger · August 14, 2019, 12:52pm

No. codecs are used in inputs and outputs, not filters.

uma_rengasamy · August 16, 2019, 6:04am

Thank you. But it throws configuration error in output section too.

uma_rengasamy · August 27, 2019, 10:02am

Configuration looks good after adding codec inside amazon_es, But it didnt merge the lines . Does codec -> multiline is supported for amazon_es plugin ?
amazon_es {
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
auto_flush_interval => 5
}
hosts =>....
}

system · September 24, 2019, 10:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Codec multiline in output section Logstash	8	400	October 25, 2019
Add multiline codec issue on logstash Logstash	6	321	June 27, 2023
Multi_line codec vs filter Logstash	1	414	July 6, 2017
Multiline codec in filter Logstash elastic-stack-monitoring	10	792	December 22, 2020
Multiline codec with http input Logstash	6	1131	May 22, 2018

Codec multiline

Related topics