Is it possible to read multiple lines at once?
The first line indicates the error. I would like to log the statement that causes the error.
< 2021-04-07 10:19:18.883 CEST db dbuser App 37386 > ERROR: operator does not exist: date = character varying at character 340
< 2021-04-07 10:19:18.883 CEST db dbuser App 37386 > HINT: No operator matches the given name and argument type(s). You might need to add explicit type casts.
< 2021-04-07 10:19:18.883 CEST db dbuser App 37386 > STATEMENT: select a.col1,a.col2 from TABLE a where ( col3= $1 AND col4= $2)
The only way I see is to detect a line having a different PID.
Example;
< 2021-04-07 10:19:18.883 CEST db dbuser App 23676 > FATAL: ....
The timestamp isn't very reliable though, but the PID is. The first three lines have PID = 37386, it should stop as soon as it detects a different PID in the log line.
I have no idea how to build the pattern. I am not a regex fun.
In that case I would suggest using an aggregate filter with the PID as the task id. Look at example 3 in the documentation. In the code section you would do something like
code => '
map["messages"] ||= []
map["messages"] << event.get("message")
# Plus whatever else you need
'
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
