Filebeat

Hi, I want to regroup lines in a log file (5 lines max). I want to regroup lines until (default task-XX).
This is my Filebeat config:

fields_under_root: true
multiline.type: pattern
multiline.pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3} * [A-Z]{3,5} * \[*[a-z]{1,10}\] * \(([^)]+)\)'
multiline.negate: false
multiline.match: after
multiline.max_lines: 5

Here is an example of the lines:

2021-06-16 10:32:57,679 ERROR [stderr] (default task-51) com.itnsa.fwk.exception.T9RuntimeException: Ce contrat est introuvable pour POL_IDENT = [11 381 782], traitement impossible

2021-06-16 10:32:57,679 ERROR [stderr] (default task-51) 	at com.itnsa.assurance.soa.impl.SOAChargementContratImpl.chargeme

2021-06-16 10:32:57,679 ERROR [stderr] (default task-84) com.itnsa.fwk.exception.T9RuntimeException: Ce contrat est introuvable pour POL_IDENT = [11 381 782], traitement impossible

2021-06-16 10:32:57,679 ERROR [stderr] (default task-84) 	at com.itnsa.assurance.soa.impl.SOAChargementContratImpl.chargeme

2021-06-16 10:32:57,679 ERROR [stderr] (default task-84) com.itnsa.fwk.exception.T9RuntimeException: Ce contrat est introuvable pour POL_IDENT = [11 381 782], traitement impossible

2021-06-16 10:32:57,679 ERROR [stderr] (default task-84) 	at com.itnsa.assurance.soa.impl.SOAChargementContratImpl.chargeme

Here is my Kibana pipeline to build fields:

PUT _ingest/pipeline/jboss-pipeline-preprod
{
  "description": "pipeline preprod",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": ["%{TIMESTAMP_ISO8601:ladate} %{WORD:severity} * \\[%{DATA:typestd}\\] * \\(%{DATA:task_id}\\) %{GREEDYDATA:message}"]
      }
    }
  ]
}

The combination of lines is not working; please help me with this.
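
Added example, not part of the original post: a small Python model of how Filebeat groups lines under `multiline.negate: false` with `multiline.match: after`, run on shortened copies of the sample lines above. The names `group`, `SAMPLE` and `FRAMES_ONLY` are hypothetical, `FRAMES_ONLY` is an assumed alternative pattern, and the model uses Python's `re` and ignores Filebeat's timeout flush.

```python
import re

# The multiline.pattern from the post, unchanged.
POSTED = (r'[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3} * '
          r'[A-Z]{3,5} * \[*[a-z]{1,10}\] * \(([^)]+)\)')
# Assumed alternative (not from the post): match only stack-frame lines,
# i.e. the same prefix followed by whitespace and "at ".
FRAMES_ONLY = POSTED + r'\s+at '

PREFIX = '2021-06-16 10:32:57,679 ERROR [stderr] (default task-%d) '
HEADER = 'com.itnsa.fwk.exception.T9RuntimeException: Ce contrat est introuvable'
FRAME = '\tat com.itnsa.assurance.soa.impl.SOAChargementContratImpl.chargeme'
# Constructed input: the post's six sample lines, with the message shortened.
SAMPLE = [PREFIX % t + body for t in (51, 84, 84) for body in (HEADER, FRAME)]


def group(lines, pattern, negate=False, max_lines=5):
    """Model of multiline.match: after.

    A line that matches the pattern (or does not match, when negate is true)
    is appended to the event in progress; any other line starts a new event.
    Lines beyond max_lines in one event are discarded.
    """
    rx = re.compile(pattern)
    events, current = [], []
    for line in lines:
        is_continuation = (rx.search(line) is not None) != negate
        if current and is_continuation:
            if len(current) < max_lines:
                current.append(line)
            continue
        if current:
            events.append(current)
        current = [line]
    if current:
        events.append(current)
    return events


if __name__ == '__main__':
    for name, pattern in (('posted', POSTED), ('frames only', FRAMES_ONLY)):
        print(name, [len(event) for event in group(SAMPLE, pattern)])
```

With the posted pattern every sample line counts as a continuation, so all of them fall into a single event that is cut at `max_lines`; with the assumed frames-only pattern each exception line starts its own event and keeps its `at ...` line.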
