Filebeat ignore all pattern

Nikolas1306 · October 16, 2022, 9:58am

i used simple config

parsers:
- multiline:
    type: pattern
    pattern: '^test'
    negate: false
    match: after

output.console:
     pretty: true

ter_id":"41e9015a-67cd-4e5a-b602-6ce8a0eba50d","ecs.version":"1.6.0"}
{
  "@timestamp": "2022-10-16T10:00:03.092Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "_doc",
    "version": "8.4.3"
  },
  "input": {
    "type": "log"
  },
  "ecs": {
    "version": "8.0.0"
  },
  "host": {
    "name": "nturri-HP"
  },
  "agent": {
    "ephemeral_id": "85c44e17-dfb7-472f-b57a-be5d14f43dab",
    "id": "0b4a67a1-c70a-4110-9dea-26571614c0dd",
    "name": "nturri-HP",
    "type": "filebeat",
    "version": "8.4.3"
  },
  "log": {
    "file": {
      "path": "G:\\filebeat-8.4.3-windows-x86_64\\logs\\test2.log"
    },
    "offset": 0
  },
  "message": "hello how are you"
}
{
  "@timestamp": "2022-10-16T10:00:03.092Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "_doc",
    "version": "8.4.3"
  },
  "log": {
    "offset": 19,
    "file": {
      "path": "G:\\filebeat-8.4.3-windows-x86_64\\logs\\test2.log"
    }
  },
  "message": "test",
  "input": {
    "type": "log"
  },
  "agent": {
    "id": "0b4a67a1-c70a-4110-9dea-26571614c0dd",
    "name": "nturri-HP",
    "type": "filebeat",
    "version": "8.4.3",
    "ephemeral_id": "85c44e17-dfb7-472f-b57a-be5d14f43dab"
  },
  "ecs": {
    "version": "8.0.0"
  },
  "host": {
    "name": "nturri-HP"
  }
}
{
  "@timestamp": "2022-10-16T10:00:03.092Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "_doc",
    "version": "8.4.3"
  },
  "input": {
    "type": "log"
  },
  "agent": {
    "type": "filebeat",
    "version": "8.4.3",
    "ephemeral_id": "85c44e17-dfb7-472f-b57a-be5d14f43dab",
    "id": "0b4a67a1-c70a-4110-9dea-26571614c0dd",
    "name": "nturri-HP"
  },
  "ecs": {
    "version": "8.0.0"
  },
  "host": {
    "name": "nturri-HP"
  },
  "log": {
    "offset": 25,
    "file": {
      "path": "G:\\filebeat-8.4.3-windows-x86_64\\logs\\test2.log"
    }
  },
  "message": "i am fine "
}

hello how are you
test
i am fine 
and you

but never apply this

i see this video and version 6 is functionally


[Filebeat Demo- Multiline configuration | how to read multiple lines at a time from log file . - YouTube](https://www.youtube.com/watch?v=823ZdeebCDI)

Nikolas1306 · October 16, 2022, 12:35pm

hello i've resolved with

filebeat.inputs:

type: filestream
paths:
- G:\filebeat-8.4.3-windows-x86_64\logs*.*

parsers:
- multiline:
  type: pattern
  pattern: '^\d{4}-\d{2}-\d{2}'
  negate: true
  match: after

output.logstash:
hosts: ["172.22.13.178:5044"]
protocol: "http"

warkolm · October 17, 2022, 2:04am

Thanks for sharing your solution.

In future please also be mindful of where you are putting your topics, they don't all belong in #elastic-stack:elasticsearch

system · November 14, 2022, 2:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ignore_inactive does not work in filebeat with filestream config type (filebeat version:8.1.0) Beats filebeat	1	455	April 20, 2022
Filebeat bugs not respect pattern go Beats filebeat	1	192	November 12, 2022
Regex compiling issues Beats filebeat	3	748	March 22, 2017
Multiline Filebeat Beats filebeat	5	548	May 1, 2019
Filebeat multiline pattern with negate works for all logs even without pattern Beats filebeat	1	340	June 4, 2019

Filebeat ignore all pattern

Related topics