Couldn't find any filter plugin named 'multiline' Error: NameError Name

manopmk · April 27, 2017, 11:12am

Hi Buddy
im using logstash 5.3.1 , im unable to use multiline in logstash of my version, help me out

my conf

input {
file {
path => ["/Users/Downloads/logs/*.log"]
start_position => "beginning"
}
}
filter {

multiline {
	pattern => "^%{TIMESTAMP_ISO8601}"
	negate => true
	what => previous
	
}

}
output {
elasticsearch {
hosts => "10.10.10.10:9200"
protocol => "http"
}
stdout { codec => rubydebug }
}

error that im getting is

Problems loading a plugin with {:type=>"filter", :name=>"multiline", :path=>"logstash/filters/multiline",
:error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugins/registry.rb
:221:in namespace_lookup'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugins/registry.rb:157:inlegacy_lookup'", "C:/pratik/Digital/
softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugins/registry.rb:133:in lookup'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logst ash/plugins/registry.rb:175:inlookup_pipeline_plugin'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/plugin.rb:137:in lookup'", "C:/pra tik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/pipeline.rb:88:inplugin'", "(eval):12:in initialize'", "org/jruby/RubyKernel.java:1079:ineval'"
, "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/pipeline.rb:60:in initialize'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstas h-core/lib/logstash/pipeline.rb:139:ininitialize'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/agent.rb:277:in create_pipeline'", "C: /pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/agent.rb:95:inregister_pipeline'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash
-core/lib/logstash/runner.rb:264:in execute'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:inrun
'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/logstash-core/lib/logstash/runner.rb:183:in run'", "C:/pratik/Digital/softwares/kibana/logstash-5.3.1/vendor/bundle /jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:inrun'", "C:\pratik\Digital\softwares\kibana\logstash-5.3.1\lib\bootstrap\environment.rb:71:in `(root)'"]}
16:17:44.202 [LogStash::Runner] ERROR logstash.agent - Cannot load an invalid configuration {:reason=>"Couldn't find any filter plugin named 'multiline'. Are you sure this
** is correct? Trying to load the multiline filter plugin resulted in this error: Problems loading the requested plugin named multiline of type filter. Error: NameError Name**
Error"}

Xavy · April 27, 2017, 2:40pm

Hi there:

I'm afraid that multiline filter was removed on 5.x series from default installation:

https://www.elastic.co/guide/en/logstash/5.0/breaking-changes.html:
There were 17 plugins removed from 5.0 default bundle. These plugins can still be installed manually for use:

logstash-codec-oldlogstashjson
logstash-input-eventlog
logstash-input-log4j
logstash-input-zeromq
logstash-filter-anonymize
logstash-filter-checksum
logstash-filter-multiline
logstash-output-email
logstash-output-exec
logstash-output-ganglia
logstash-output-gelf
logstash-output-hipchat
logstash-output-juggernaut
logstash-output-lumberjack
logstash-output-nagios_nsca
logstash-output-opentsdb
logstash-output-zeromq

Have you manually installed such a filter?

Christian_Dahlqvist · April 27, 2017, 4:18pm

The multiline filter plugin was deprecated. You should instead use the multiline codec filter.

manopmk · April 28, 2017, 5:50am

No buddy .i didnit install any plugin.
1> is possible install multiline plugin in logstash 5.3.1 ?
2> how can i achieve multiline i searched some website they suggested add in codec
i tried by addling like this but still i couldn't get
input {
file {
path => ["C:/pratik/Digital/softwares/logs/search.log"]
start_position => "beginning"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} "
negate => true
what => previous
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
}
stdout { codec => rubydebug }
}

manopmk · April 28, 2017, 5:57am

with the reference u gave
i worked on by updating my conf
input {
file {
path => ["C:/pratik/Digital/softwares/logs/search.log"]
start_position => "beginning"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} "
negate => true
what => previous
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
}
stdout { codec => rubydebug }
}

BUT STILL NOT Worked as expected it shows

Could not find log4j2 configuration at path /pratik/Digital/softwares/kibana/logstash-5.3.1/config/log4j2.properties. Using default config which logs to console
16:19:49.036 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic
:0x330f19a3 URL://localhost:9200>]}
16:19:49.049 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"
=>5, "pipeline.max_inflight"=>500}
16:19:49.872 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
16:19:50.272 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
^CTerminate batch job (Y/N)? 16:22:05.019 [SIGINT handler] WARN logstash.runner - SIGINT received. Shutting down the agent.
16:22:05.030 [LogStash::Runner] WARN logstash.agent - stopping pipeline {:id=>"main"}

I DIDNT GET ANY JSON Generated in logstash console.ie(not loaded log into elastic search also it didt get any errors)
can you help

Christian_Dahlqvist · April 28, 2017, 6:30am

If you have tried to process the file before, you may need to clear the sincedb file in order for it to get picked up again.

manopmk · April 28, 2017, 7:22am

hi buddy
i cleared files inside sincedb.i loaded conf again its seems showing same
Could not find log4j2 configuration at path /pratik/Digital/softwares/kibana/logstash-5.3.1/config/log4j2.properties. Using default config which logs to console
16:19:49.036 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic
:0x330f19a3 URL://localhost:9200>]}
16:19:49.049 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"
=>5, "pipeline.max_inflight"=>500}
16:19:49.872 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
16:19:50.272 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
^CTerminate batch job (Y/N)? 16:22:05.019 [SIGINT handler] WARN logstash.runner - SIGINT received. Shutting down the agent.
16:22:05.030 [LogStash::Runner] WARN logstash.agent - stopping pipeline {:id=>"main"}

nothing changed.

system · May 26, 2017, 7:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with logstash config Logstash	6	4787	March 31, 2017
Couldn't find any filter plugin named 'multiline' Logstash	4	1351	January 31, 2017
Can not find the multine plug-in in my logstash 5.1.2? Logstash	5	841	February 25, 2017
Logstash 5.1.1 - Couldn't find any filter plugin named 'multiline' Logstash	12	13984	February 27, 2017
Logstash filter multiline not working Logstash	10	9617	August 8, 2017

Couldn't find any filter plugin named 'multiline' Error: NameError Name

Related topics