Example logstash.conf with multiline json to elasticsearch

Annette1 · August 12, 2020, 2:47pm

kibana error - failed to format messages from /var/lib/containers/....json.log

filebeat config

"paths": [/var/lib/docker/cnotainers//.log"]
"fields": {"environement": "dev", "system" : "test" "level "application"},
"json.keys_uder_root": false, "tags" ["docker", "json", "dev"],
"multiline": [negate": true "pattern": "^\[|^[0-9]{4}-[0-9]{2}-[0-9] {2}",
"match": "after"}, "type": "log"},

works when sending directly to elastic search ...but cannot get to work through logstash to elasticsearch.

Annette1 · August 12, 2020, 4:03pm

input beats in logstash. output elastic search

system · September 9, 2020, 4:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat fails to process kibana json logs “failed to format message from *json-.log “in a docker enviroment with logstash Logstash docker	8	760	August 11, 2021
Moving from Logstash to Filebeat Beats filebeat	2	479	December 11, 2019
Autodiscover and parsing json in a multiline log message Beats filebeat	1	1020	December 17, 2019
Filebeat crashing on JSON decoder and multiline together specifying a message_key value error Beats filebeat	1	1526	May 8, 2019
Remove backslash from Json logs in Kibana Beats docker , filebeat	1	375	April 10, 2022

Example logstash.conf with multiline json to elasticsearch

Related topics