I just setup a multiline parser because of the multiline error logs of nginx.
Before the logs were visible in kibana as seperate log enteries, now they are not visible at all.
The single line logs are being logged correctly but the multiline are not coming through.
This is the config of filebeat:
filebeat.inputs:
- type: log
paths:
- "/var/log/nginx/error.log"
fields_under_root: true
fields:
document_type: nginx-error
parsers:- multiline:
type: pattern
pattern: '^\d{4}/(0?[1-9]|1[012])/(0?[1-9]|[12][0-9]|3[01])'
negate: true
match: after