Hi All,
I have been setting up Filebeat on Windows Server 2008. Filebeat is installed as a service, but the problem here is using multiline.
While parsing the same file through Logstash, it parses properly with the multiline codec in the file input, but with Filebeat the multiline doesn't work as expected: it brings the whole file in as a single message.
While going through the forum, I found that it doesn't support Windows 2008.
I just need help on this.
Log file sample
Application name:
Application type: CFGGVPMCP (145)
Command line: pwcallmgr.exe -service vpMediaControl64 -app MUM_MediaControlPlatform_1 -host HYDDCGENCME1 -port 2020 -sstart
Host name: MUMCCGENMCP1
Start time (UTC): 2019-04-16T15:33:16
Running time: 2:15:25:57
Host info: Windows 6.1.7601, 2, Service Pack 1, 1.0, 0112, 3
File: (652) E:\Ged\MUM_MCP
2019-04-19T12:29:13.402 Int 50035 00A901CB-10E79A18 4460 log varStmntToDate = *****
2019-04-19T12:29:13.402 Int 50035 00A901CB-10E79A18 4460 log varPaymentDueDate =*****
2019-04-19T12:29:13.402 Int 50035 00A901CB-10E79A18 4460 log varPaymentDueDate =*****
For Logstash multiline config
codec => multiline {
  pattern => "^%{TIMESTAMP_ISO8601}"
  negate => true
  what => "previous"
}
For Filebeat multiline
multiline.pattern: '^%{TIMESTAMP_ISO8601}'
multiline.negate: true
multiline.match: after
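
Added example, not part of the original post: Filebeat's `multiline.pattern` is a regular expression, not a grok pattern, so `%{TIMESTAMP_ISO8601}` is matched as literal text. The sketch below is a simplified model of `negate: true` / `match: after` grouping, with Python's `re` standing in for Filebeat's regex engine; `group_events`, the sample lines and the replacement regex are assumptions made for illustration.

```python
import re

# Constructed sample shaped like the log excerpt in the post:
# a header block followed by timestamped events.
SAMPLE = """\
Application name:
Host name: MUMCCGENMCP1
Start time (UTC): 2019-04-16T15:33:16
2019-04-19T12:29:13.402 Int 50035 00A901CB-10E79A18 4460 log varStmntToDate = *****
    constructed continuation line without a timestamp
2019-04-19T12:29:13.402 Int 50035 00A901CB-10E79A18 4460 log varPaymentDueDate =*****
""".splitlines()

# Pattern as posted: grok syntax is not expanded, so it is a literal string.
GROK_STYLE = r'^%{TIMESTAMP_ISO8601}'
# Assumed plain-regex equivalent for the timestamp prefix in this log format.
PLAIN_REGEX = r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}'


def group_events(lines, pattern, negate=True, max_lines=500):
    """Simplified model of multiline.match: after.

    With negate=True, a line that does NOT match the pattern is appended
    to the event in progress; a matching line starts a new event.
    max_lines mirrors Filebeat's documented default of 500: extra lines
    of an oversized event are discarded.
    """
    rx = re.compile(pattern)
    events, current = [], []
    for line in lines:
        matched = rx.search(line) is not None
        continuation = (not matched) if negate else matched
        if current and continuation:
            if len(current) < max_lines:
                current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events


if __name__ == "__main__":
    for name, pat in (("grok-style", GROK_STYLE), ("plain regex", PLAIN_REGEX)):
        print(f"{name}: {len(group_events(SAMPLE, pat))} event(s)")
```

With the grok-style pattern no line ever matches, so every line is treated as a continuation and the file collapses into one event, which is the symptom described in the post.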