My application maintains its state by persisting some info on a file within an interval of time. This file is not more than 10 lines at a time.
The format of the data that's inside the file would be something like this:
INFO=Hello World
DATE=Feb 10 2016 06:12:34
APPLICATION=TESTAPP
USER=BLAH
It seems like filebeat is only able to tail the file and read line by line which is not what I want. I want to parse these lines as a single JSON document and send to elastic.
Is there any way to do so in filebeat? Thank you for any input.
Filebeat has a multiline option for merging messages spread over multiple lines. Does a logical message always begin with an "INFO=" line, or how do you recognize the start of a message?
Filebeat won't be able to parse the key/value pairs in the resulting message into JSON. You need Logstash for that.
If I understand the logging strategy correctly, a new file is written for basically every message. That is, @mregmi always wants to create one event per file. In this case an always-match pattern should do the trick.
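The transformation the replies describe (merge every line of the file into one event, then split the key/value pairs into fields), as an added Python example that is not part of the thread and is not Filebeat or Logstash code. The function names and the `timestamp` and `_unparsed` fields are assumptions made for illustration.

```python
import json
from datetime import datetime

# Constructed sample: the state file contents shown in the question.
SAMPLE_STATE_FILE = """INFO=Hello World
DATE=Feb 10 2016 06:12:34
APPLICATION=TESTAPP
USER=BLAH
"""


def merge_lines(lines):
    """Emulate an always-match multiline rule: every line joins one event."""
    return "\n".join(line.rstrip("\r\n") for line in lines)


def parse_event(message):
    """Split a merged event into fields, the step Filebeat does not perform."""
    fields = {}
    for line in message.split("\n"):
        if not line.strip():
            continue
        # Split on the first '=' only, so values may themselves contain '='.
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            # Keep malformed lines visible instead of silently dropping them.
            fields.setdefault("_unparsed", []).append(line)
            continue
        fields[key.strip()] = value.strip()
    if "DATE" in fields:
        try:
            # The sample carries no timezone, so the result is a naive timestamp.
            parsed = datetime.strptime(fields["DATE"], "%b %d %Y %H:%M:%S")
            fields["timestamp"] = parsed.isoformat()
        except ValueError:
            pass  # leave DATE as the raw string if the format differs
    return fields


def state_file_to_json(text):
    """Whole file in, one JSON document out."""
    return json.dumps(parse_event(merge_lines(text.splitlines())), sort_keys=True)


if __name__ == "__main__":
    print(state_file_to_json(SAMPLE_STATE_FILE))
```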