Deleting post

amruth · July 12, 2017, 6:08pm

Deleting this post

amruth · July 13, 2017, 11:37am

Any update on this please...

Leandro_Sampaio · July 13, 2017, 12:03pm

To multi line ... The better solution is filebeat/logshash.

Basically use o filebeat to filter the content e grok patterns to attribute fields

amruth · July 13, 2017, 12:42pm

Hi Leandro,

I am using multiline plugin in logstash. I am not able to come up with a pattern which matches logs. Basically I am looking to extract highlighted fields above. I don't have any idea how to come up with a pattern to extract those fields.

pts0 · July 13, 2017, 12:56pm

Hi,

Have a try with multilne pluging to get all messages:

file {
    codec => multiline {
      pattern => "^Query ended"
      negate => true
      what => previous
    }

and then with filter you extract data you need.

pts0

amruth · July 13, 2017, 2:05pm

Deleting post

amruth · July 13, 2017, 4:10pm

Is there any other plugin that can be used to extract required fields? I think using Grok, we have to give exact match for logs. In my case logs are too large. Please suggest me the best way.

system · August 10, 2017, 4:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.