I've used this:
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - G:\\logs\\test\\*.*
  parsers:
    - multiline:
        type: pattern
        pattern: '^\d{4}-\d{2}-\d{2}'
        negate: true
        match: previous
output.logstash:
  hosts: ["172.19.1.12:5044"]
  protocol: "http"
and tested the same pattern in a Go script:
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var pattern = `^\d{4}-\d{2}-\d{2} `
var negate = true
var content = `
2022-09-30 15:32:10,165 INFO [it.unidoc.cdr.core.request.comunicazionemetadati.ComunicazioneMetadati] (Camel (camel-1) thread #1 - seda://create) <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="http://comunicazionemetadatirichiesta.xsd.fse.ini.finanze.it">
<soapenv:Header/>
<soapenv:Body>
<ComunicazioneMetadatiRichiesta>
<IdentificativoUtente>FISCALCODE12334567</IdentificativoUtente>
<IdentificativoOrganizzazione>150</IdentificativoOrganizzazione>
<StrutturaUtente>909150909</StrutturaUtente>
<RuoloUtente>DRS</RuoloUtente>
<ContestoOperativo>TREATMENT</ContestoOperativo>
<TipoDocumento>11502-2</TipoDocumento>
<IdentificativoAssistito>DFGDFGDFGGDGF</IdentificativoAssistito>
<PresaInCarico>true</PresaInCarico>
<TipoAttivita>CREATE</TipoAttivita>
</ComunicazioneMetadatiRichiesta>
</soapenv:Body>
</soapenv:Envelope>
`

func main() {
	regex, err := regexp.Compile(pattern)
	if err != nil {
		fmt.Println("Failed to compile pattern: ", err)
		return
	}

	// Test the pattern against each line of the sample on its own.
	lines := strings.Split(content, "\n")
	fmt.Printf("matches\tline\n")
	for _, line := range lines {
		matches := regex.MatchString(line)
		// With negate set, the match result is inverted.
		if negate {
			matches = !matches
		}
		fmt.Printf("%v\t%v\n", matches, line)
	}
}
In Kibana all lines are separated.
Example:
@timestamp: Oct 15, 2022 @ 21:11:36.605
@version: 1
agent.name: nturri-HP
agent.type: filebeat
agent.version: 8.4.3
ecs.version: 8.0.0
host.name: nturri-HP
input.type: log
log.file.path: G:\logs\test\test.log
log.offset: 5,090
message: <IdentificativoUtente>FISCALCODE12334567</IdentificativoUtente>
tags: beats_input_codec_plain_applied
_id: ZvcP3YMBJAwwaWyTFwWT
_index: fsbroker
_score: -
See, the false lines are OK in the Go script.
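
An added example (not part of the original post, and not Filebeat's own code): a simplified Go model of how multiline aggregation groups lines when `negate: true` is combined with `match: after`, so the resulting events can be checked offline and not only the per-line match result. The function name `groupMultiline` and the sample log are constructed for illustration; limits such as maximum lines and flush timeout are not modelled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// groupMultiline is a simplified model of multiline aggregation in "after" mode:
// a line that continues an event is appended to the event before it.
// With negate=true, a continuation line is one that does NOT match the pattern.
func groupMultiline(lines []string, re *regexp.Regexp, negate bool) []string {
	var events []string
	var current []string
	for _, line := range lines {
		continuation := re.MatchString(line)
		if negate {
			continuation = !continuation
		}
		if continuation && len(current) > 0 {
			current = append(current, line)
			continue
		}
		// This line starts a new event: flush the one being built.
		if len(current) > 0 {
			events = append(events, strings.Join(current, "\n"))
		}
		current = []string{line}
	}
	if len(current) > 0 {
		events = append(events, strings.Join(current, "\n"))
	}
	return events
}

// sampleLog is constructed input shaped like the log in the post.
const sampleLog = `2022-09-30 15:32:10,165 INFO [Example] <soapenv:Envelope>
<soapenv:Body>
</soapenv:Body>
</soapenv:Envelope>
2022-09-30 15:32:11,002 INFO [Example] single-line record`

func main() {
	re := regexp.MustCompile(`^\d{4}-\d{2}-\d{2}`)
	for i, ev := range groupMultiline(strings.Split(sampleLog, "\n"), re, true) {
		fmt.Printf("event %d (%d lines):\n%s\n\n", i+1, strings.Count(ev, "\n")+1, ev)
	}
}
```

If the shipped events look like the per-line output of `negate=false` here, or like one event per input line, the multiline settings are not being applied as intended by the input.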