Filebeat log not in elastic when matching parser

NL-kk · February 27, 2023, 3:16pm

I just setup a multiline parser because of the multiline error logs of nginx.
Before the logs were visible in kibana as seperate log enteries, now they are not visible at all.
The single line logs are being logged correctly but the multiline are not coming through.

This is the config of filebeat:

filebeat.inputs:

type: log
paths:

"/var/log/nginx/error.log"
fields_under_root: true
fields:
document_type: nginx-error
parsers:

multiline:
type: pattern
pattern: '^\d{4}/(0?[1-9]|1[012])/(0?[1-9]|[12][0-9]|3[01])'
negate: true
match: after

system · March 27, 2023, 5:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiline logs are not working using filebeat Beats filebeat	1	507	November 19, 2021
Something wrong with multiline Beats filebeat	4	349	August 22, 2018
Filebeat Multiline Pattern not working on Production servers Beats filebeat	1	255	September 21, 2021
Multiline filter not working as expected Beats filebeat	2	384	February 28, 2019
Filebeat Multiline log lines are not matching with logstash and kibana Beats filebeat	3	628	November 25, 2016

Filebeat log not in elastic when matching parser

Related Topics