I am using filebeat-5.6.
My config: filebeat -> logstash -> elasticsearch -> kibana
I have hundreds of log files with 1KB - 2KB of data (usually each file has at most 15 lines of messages in it) in a folder. Is it possible to configure filebeat to send the entire messages in each log file as a single message to elasticsearch and then view the whole log file's messages in kibana's document message field?
Filebeat reads fundamentally line by line, but I think it should be possible to use a multiline configuration to match up together everything from the file.
For example, the following should put together any lines:
multiline.pattern: '.'
multiline.match: after
Multiline doesn't match across files, so the EOF then works as a natural demarcation line. A quick test shows that this should work.
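The grouping rule from the answer above, as an added example that is not part of the original post and is not Filebeat's own code: a simplified Python model of `multiline.pattern: '.'` with `multiline.match: after`. The function names and sample files are hypothetical; the `max_lines` default of 500 is assumed from Filebeat's documented `multiline.max_lines` default.

```python
import re

def group_multiline(lines, pattern=".", max_lines=500):
    """Model of multiline.match: after (negate left at false) for ONE file.

    A line that matches the pattern is appended to the event in progress;
    a line that does not match closes that event and starts a new one.
    """
    rx = re.compile(pattern)
    events, current = [], []
    for line in lines:
        if current and rx.search(line):
            # Continuation line; lines past max_lines are dropped, not queued.
            if len(current) < max_lines:
                current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:  # end of file flushes the event in progress
        events.append("\n".join(current))
    return events

def ship_files(files, **opts):
    """Group each file independently, so an event never spans two files."""
    return [(path, msg) for path, lines in files.items()
            for msg in group_multiline(lines, **opts)]

# Constructed sample input: two small log files, the second with a blank line.
SAMPLE_FILES = {
    "job-001.log": ["start job 1", "step a ok", "done"],
    "job-002.log": ["start job 2", "", "done"],
}

if __name__ == "__main__":
    for path, msg in ship_files(SAMPLE_FILES):
        print(path, repr(msg))
```

In this model a blank line does not match `'.'`, so `job-002.log` comes out as two events rather than one; files that may contain empty lines are worth testing before relying on one document per file.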