Hi
i have XML log files , each file is 1 XML line
the problem is that there is no new line afetr each XML (the file ends without an Enter) so filebeat cant ship those lines beacuse he "thinks" there is no end to the event
i tried using the close_eof: true but it didn't work
only when adding an Enter to the file (new empty line) it manages to ship the XML line
i'm using filebeat 5.0.0
any ideas?
One potential solution here could be using the mutiline feature (even though it is just one line) and use multiline.timeout. Because the above is an issue we normally hit with multiline: https://www.elastic.co/guide/en/beats/filebeat/5.2/configuration-filebeat-options.html#multiline
Hi thank you for your response
We used multiline(without the multiline.timeout option) and it did not work
Is the multiline.timeout something we must specify or if we use multiline it is by default?
The default should be set to 5s.
But TBH I would strongly recommend you to get your logging system to write a new line after the xml event if possible.
@gilisade I tested the part with the timeout and it does not work as I described previously 
So best work around is to write a new line into your file after the event.
Got it.
Thank you for trying 
This topic was automatically closed after 21 days. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.