hey guys:
I have logs format like this:
*****************
line a
line b
*****************
line c
line d
*****************
line e
line f
and I want to combine the lines bewteen "***" lines and exclude "***" lines themself,like this:
"line a
line b"
"line c
line d"
"line e
line f"
how should I configure filebeat? thanks.
You can combine them together with something like this:
multiline.pattern: '****'
multiline.negate: true
multiline.match: after
But that's going to include the "****" lines. You can, however, post-process the messages in the Elasticsearch Ingest Node or Logstash to remove the **** line.
Thank you.I successfully tried remove them with Logstash.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.