Entire File as "one line"

paiz1556 · August 28, 2019, 7:05pm

Is there a good strategy to read an entire file as the "message" value you would send to ElasticSearch?

I see "read" mode as part of file input plugin but that wants me to write the input to a different file. I want to take what I've read and push it to Elastic Search.

I tried using the codec for multiline but didn't know how to use the end of file as the pattern.

The system i'm trying to parse writes a new file for every error so the whole file is what I need to consume. A new error, writes a new file.

Any suggestions?

Badger · August 28, 2019, 7:25pm

Use a pattern that never matches and a timeout. I use

codec => multiline { pattern => "^Spalanzani" negate => true what => previous auto_flush_interval => 1 }

paiz1556 · August 28, 2019, 7:47pm

Brilliant!!! I was trying to attack it with a pattern that always matched. I also think the fact that I wasn't using the auto_flush_interval attribute was causing some sort of issue.

This works perfectly!

system · September 25, 2019, 7:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to feed entire logfile to elasticsearch as a message Logstash	4	1408	July 6, 2017
Multiline Logstah file txt Logstash	7	577	September 1, 2020
Parsing whole file as a single event Logstash	2	1016	October 19, 2020
Placing Mutliline file into 1 document Logstash	4	277	April 2, 2019
Is it possible to combine the entire file as one event? Logstash	5	2114	July 6, 2017

Entire File as "one line"

Related Topics