I have the following multiline pattern to handle Java stack traces:
multiline.type: pattern
multiline.pattern: '^\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}.\d{3}'
multiline.negate: true
multiline.match: after
It works fine for java logs.
However, all non-java logs that are collected from other applications are concatenated in a multiline message split every 5 sec when timeout occurs. Start of the line in those logs is totally different and it does not match the pattern.
Why is everything is multilined, if no pattern is found? Is this intended behaviour?
Hi!
I'm not sure what this pattern does however there are some Java specific examples you can check at Manage multiline messages | Filebeat Reference [7.11] | Elastic.
Also in the same docs page there is a playground link where you can check your patterns against the sample input so as to verify if the pattern matches the log or not.
If you make sure that logs do not match the pattern but they are grouped in the multiline then please open a Github issue to report this since I see that it shouldn't happen like this.
Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.