Deleting post

amruth · July 12, 2017, 6:08pm

Deleting this post

amruth · July 13, 2017, 11:37am

Any update on this please...

Leandro_Sampaio · July 13, 2017, 12:03pm

To multi line ... The better solution is filebeat/logshash.

Basically use o filebeat to filter the content e grok patterns to attribute fields

amruth · July 13, 2017, 12:42pm

Hi Leandro,

I am using multiline plugin in logstash. I am not able to come up with a pattern which matches logs. Basically I am looking to extract highlighted fields above. I don't have any idea how to come up with a pattern to extract those fields.

pts0 · July 13, 2017, 12:56pm

Hi,

Have a try with multilne pluging to get all messages:

file {
    codec => multiline {
      pattern => "^Query ended"
      negate => true
      what => previous
    }

and then with filter you extract data you need.

pts0

amruth · July 13, 2017, 2:05pm

Deleting post

amruth · July 13, 2017, 4:10pm

Is there any other plugin that can be used to extract required fields? I think using Grok, we have to give exact match for logs. In my case logs are too large. Please suggest me the best way.

Topic		Replies	Views
Parsing multiline logs in Logstash Logstash	4	2769	July 20, 2017
How to separate fields of a log on logstash with beats Logstash	3	366	February 21, 2019
Grep multiline log Logstash	1	518	November 9, 2017
Add field multiline under multiline filebeat/logstash Logstash	2	491	March 22, 2022
Multiline plugin not working as expected Logstash	5	1457	July 6, 2017

Deleting post

Related topics