Couldn't find any filter plugin named 'multiline' Error: NameError Name

manopmk · April 27, 2017, 11:12am

Hi Buddy
im using logstash 5.3.1 , im unable to use multiline in logstash of my version, help me out

my conf

input {
file {
path => ["/Users/Downloads/logs/*.log"]
start_position => "beginning"
}
}
filter {

multiline {
	pattern => "^%{TIMESTAMP_ISO8601}"
	negate => true
	what => previous
	
}

}
output {
elasticsearch {
hosts => "10.10.10.10:9200"
protocol => "http"
}
stdout { codec => rubydebug }
}

error that im getting is

Problems loading a plugin with {:type=>"filter", :name=>"multiline", :path=>"logstash/filters/multiline",
:error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugins/registry.rb
:221:in namespace_lookup'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugins/registry.rb:157:inlegacy_lookup'", "C:/pratik/Digital/
softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugins/registry.rb:133:in lookup'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logst ash/plugins/registry.rb:175:inlookup_pipeline_plugin'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugin.rb:137:in lookup'", "C:/pra tik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/pipeline.rb:88:inplugin'", "(eval):12:in initialize'", "org/jruby/RubyKernel.java:1079:ineval'"
, "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/pipeline.rb:60:in initialize'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstas h-core/lib/logstash/pipeline.rb:139:ininitialize'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/agent.rb:277:in create_pipeline'", "C: /pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/agent.rb:95:inregister_pipeline'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash
-core/lib/logstash/runner.rb:264:in execute'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:inrun
'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/runner.rb:183:in run'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/vendor/bundle /jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:inrun'", "C:\pratik\Digital\softwares\kibana\logstash-5.3.1\lib\bootstrap\environment.rb:71:in `(root)'"]}
16:17:44.202 [LogStash::Runner] ERROR logstash.agent - Cannot load an invalid configuration {:reason=>"Couldn't find any filter plugin named 'multiline'. Are you sure this
** is correct? Trying to load the multiline filter plugin resulted in this error: Problems loading the requested plugin named multiline of type filter. Error: NameError Name**
Error"}

Xavy · April 27, 2017, 2:40pm

Hi there:

I'm afraid that multiline filter was removed on 5.x series from default installation:

https://www.elastic.co/guide/en/logstash/5.0/breaking-changes.html:
There were 17 plugins removed from 5.0 default bundle. These plugins can still be installed manually for use:

logstash-codec-oldlogstashjson
logstash-input-eventlog
logstash-input-log4j
logstash-input-zeromq
logstash-filter-anonymize
logstash-filter-checksum
logstash-filter-multiline
logstash-output-email
logstash-output-exec
logstash-output-ganglia
logstash-output-gelf
logstash-output-hipchat
logstash-output-juggernaut
logstash-output-lumberjack
logstash-output-nagios_nsca
logstash-output-opentsdb
logstash-output-zeromq

Have you manually installed such a filter?

Christian_Dahlqvist · April 27, 2017, 4:18pm

The multiline filter plugin was deprecated. You should instead use the multiline codec filter.

manopmk · April 28, 2017, 5:50am

No buddy .i didnit install any plugin.
1> is possible install multiline plugin in logstash 5.3.1 ?
2> how can i achieve multiline i searched some website they suggested add in codec
i tried by addling like this but still i couldn't get
input {
file {
path => ["C:/pratik/Digital/softwares/logs/search.log"]
start_position => "beginning"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} "
negate => true
what => previous
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
}
stdout { codec => rubydebug }
}

manopmk · April 28, 2017, 5:57am

with the reference u gave
i worked on by updating my conf
input {
file {
path => ["C:/pratik/Digital/softwares/logs/search.log"]
start_position => "beginning"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} "
negate => true
what => previous
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
}
stdout { codec => rubydebug }
}

BUT STILL NOT Worked as expected it shows

Could not find log4j2 configuration at path /pratik/Digital/softwares/kibana/logstash-5.3.1/config/log4j2.properties. Using default config which logs to console
16:19:49.036 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic
:0x330f19a3 URL://localhost:9200>]}
16:19:49.049 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"
=>5, "pipeline.max_inflight"=>500}
16:19:49.872 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
16:19:50.272 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
^CTerminate batch job (Y/N)? 16:22:05.019 [SIGINT handler] WARN logstash.runner - SIGINT received. Shutting down the agent.
16:22:05.030 [LogStash::Runner] WARN logstash.agent - stopping pipeline {:id=>"main"}

I DIDNT GET ANY JSON Generated in logstash console.ie(not loaded log into elastic search also it didt get any errors)
can you help

Christian_Dahlqvist · April 28, 2017, 6:30am

If you have tried to process the file before, you may need to clear the sincedb file in order for it to get picked up again.

manopmk · April 28, 2017, 7:22am

hi buddy
i cleared files inside sincedb.i loaded conf again its seems showing same
Could not find log4j2 configuration at path /pratik/Digital/softwares/kibana/logstash-5.3.1/config/log4j2.properties. Using default config which logs to console
16:19:49.036 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic
:0x330f19a3 URL://localhost:9200>]}
16:19:49.049 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"
=>5, "pipeline.max_inflight"=>500}
16:19:49.872 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
16:19:50.272 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
^CTerminate batch job (Y/N)? 16:22:05.019 [SIGINT handler] WARN logstash.runner - SIGINT received. Shutting down the agent.
16:22:05.030 [LogStash::Runner] WARN logstash.agent - stopping pipeline {:id=>"main"}

nothing changed.

system · May 26, 2017, 7:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.