Can we add below codec => multiline in filter section ?
if [sourcetype =~ /error/]
{
codec => multiline {
pattern => "(^%{TOMCAT_DATESTAMP})|(^%{CATALINA_DATESTAMP})"
negate => true
what => "previous"
}
}
No. codecs are used in inputs and outputs, not filters.
Thank you. But it throws configuration error in output section too.
Configuration looks good after adding codec inside amazon_es, But it didnt merge the lines . Does codec -> multiline is supported for amazon_es plugin ?
amazon_es {
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
auto_flush_interval => 5
}
hosts =>....
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.