Entire File as "one line"

paiz1556 · August 28, 2019, 7:05pm

Is there a good strategy to read an entire file as the "message" value you would send to ElasticSearch?

I see "read" mode as part of file input plugin but that wants me to write the input to a different file. I want to take what I've read and push it to Elastic Search.

I tried using the codec for multiline but didn't know how to use the end of file as the pattern.

The system i'm trying to parse writes a new file for every error so the whole file is what I need to consume. A new error, writes a new file.

Any suggestions?

Badger · August 28, 2019, 7:25pm

Use a pattern that never matches and a timeout. I use

codec => multiline { pattern => "^Spalanzani" negate => true what => previous auto_flush_interval => 1 }

paiz1556 · August 28, 2019, 7:47pm

Brilliant!!! I was trying to attack it with a pattern that always matched. I also think the fact that I wasn't using the auto_flush_interval attribute was causing some sort of issue.

This works perfectly!

system · September 25, 2019, 7:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to feed entire logfile to elasticsearch as a message Logstash	4	1408	July 6, 2017
Multiline - match whole file Logstash	1	834	March 2, 2017
Shipping whole file as message? Beats filebeat	4	3718	August 25, 2017
Parse a file as a whole having key value pairs Logstash	2	982	July 11, 2019
Multiline Logstah file txt Logstash	7	577	September 1, 2020

Entire File as "one line"

Related topics