Filebeat Regex problem - Escape pipe and colon

I have configured filebeat on my windows server where i need to look for the lines matching the below pattern. Since the line itself has a pipe symbol "|" and a colon ":" the filebeat is considering it as OR condition and multi-line pattern for ":". But my regex has to match the whole string as it is..

modtransfer_2_1:reportResultCode | Result Description | strResultDescription : MOD TRANSFER FAILURE

This the text i need to look for in my log file. Please note the | (pipe) is not an OR condition and : (colon) does not mean anything. It is the actual text itself. I have my filebeat.yml configured like this.

  include_lines: ["('modtransfer_2_1\reportResultCode | Result Description | strResultDescription : MOD TRANSFER FAILURE')"]

But the filebeat treats each | separator as OR condition. How do i escape the pipe and colon ? Please assist.

if possible do not use double quotes in yaml files when defining regular expressions (see filebeat FAQ section). yaml will treat the \ character as escape character, which itself is the escape character for |. When using single quotes no escape character is required. Nevertheless use \ to escape the pipe symbol.

This topic was automatically closed after 21 days. New replies are no longer allowed.