There seem to be lots of cases of this issue. Anyway, here is mine. I want to exclude the dashed line.
I have the following configuration for Filebeat.
- type: log
enabled: true
paths:
- /usr/cbridge/msg/current.msg
# Exlude the line of dashes TODO this seems to get ignored when multiline is working. Probably need to strip it in logstash
exclude_lines: ['^-+$']
# Setup the pattern to harvest the multiline
multiline.pattern: '^[A-Z]+: '
multiline.negate: true
multiline.match: after
My log message looks something like this:
DEBUG: 12/17/18 00:01:42.696 PID=4310 (cbaldslTL1d 1000 25100)
MonitorNbr:40070768 WorkNbr:5867 Op:RFRSH_PHONE DirNum:7702423620 DevId: SubId:500001-123456
TL1Client::TL1Client(), HOST=127.0.0.1/127.0.0.1
------------------------------------------------------------------------------
DEBUG: 12/17/18 00:01:42.696 PID=4310 (cbaldslTL1d 1000 25100)
MonitorNbr:40070768 WorkNbr:5867 Op:RFRSH_PHONE DirNum:7702423620 DevId: SubId:500001-123456
AlcatelTL1Client::TL1Client(), HOST=127.0.0.1
------------------------------------------------------------------------------
This is what I see finally in Elastic Search:
ERROR: 12/17/18 15:13:46 PID=30644 (ScreenPopServer 1000 1)
main:Exception: org.I0Itec.zkclient.exception.ZkTimeoutException: Unable to connect to zookeeper server within timeout: 50000
------------------------------------------------------------------------------
So it appears as though the exclude is not working.