Filebeat and laravel logs

Hello everyone. Can someone tell me how to set up laravel logs in filebeat (without logstash).

In the picture i showed with arrows that i want the log to break: date to timestamp field, type in env field, error-type to severity field. And everything else in the message field.

But, whatever petterns i use, i get the whole error entirely in the message field:
https://take.ms/S73uI

My filebeat.yml conf:

filebeat.inputs:

  • type: log
    enabled: true
    paths:
    • /var/www/html/lara/storage/logs/*.log
      multiline.pattern: "%{TIMESTAMP_ISO8601}%{GREEDYDATA}"
      multiline.negate: true
      multiline.match: after
1 Like

@belledota

Which version of filebeat you are using?

There is an example configuration in our documentation on multiline. I think this one fits exactly your use case: https://www.elastic.co/guide/en/beats/filebeat/master/_examples_of_multiline_configuration.html#_timestamps

Hi. I'm using filebeat-6.6.0

I'm change my filebeat.yml to:

multiline.pattern: '[%{TIMESTAMP_ISO8601:timestamp}] %{WORD:env}.%{LOGLEVEL:severity}: %{GREEDYDATA:message}'
multiline.negate: true
multiline.match: after
multiline.flush_pattern: '"}'

But, result is the same as the my first post.

The documentation contains the following configuration:

multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after

You need to paste these three lines into your configuration.
The pattern of multiline is a regex pattern, not grok.

If you need further processing, you either need to use Ingest pipelines or Logstash instead of Filebeat.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.