Filebeat multiline Issue

Hi Team,

I have an issue in filebeat Multiline pattern, below are my logs and filebeat configuration.

sample_logs

	21-04-01  Name                         Succ    Fail  Reject  Thrput   Response time (ms)
																   (/s)    Avg    Min    Max
	00:00:00  Total sum                      7       1       0       0   1467   1235   1715
			  event                          7       1       0       0   1467   1235   1715
	00:00:10  Total sum                      7       2       0       0   1257    418   2948
			  event                          7       2       0       0   1257    418   2948
	00:00:20  Total sum                      8       3       0       0   1257    231   1981
			  event                          8       3       0       0   1257    231   1981
	21-04-01  Name                         Succ    Fail  Reject  Thrput   Response time (ms)
																   (/s)    Avg    Min    Max
	00:02:00  Total sum                      7       1       0       0   1467   1235   1715
			  event                          7       1       0       0   1467   1235   1715
	00:02:10  Total sum                      7       2       0       0   1257    418   2948
			  event                          7       2       0       0   1257    418   2948
	00:03:20  Total sum                      8       3       0       0   1257    231   1981
			  event                          8       3       0       0   1257    231   1981	

# Filebeat Multiline configuration
  multiline.pattern: Name
  multiline.negate: true
  multiline.match: after
  ignore_older: 24h

My Issue:
with above configuration multiline pattern is working fine, if whole logs arrive at a time in log file. But if there is a delay (like last 2 lines) last 2 lines of logs is sending as separate event.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.