Forwarding data from Extended log file format from using filebeat to ES

ARAVIND_KAMATH · May 16, 2017, 10:12am

I have a sample log format which looks similar the one shown below

key1=value1,
key2=value2,
key3=value3
EOF

key1=value4
key2=value5
key3=value6
EOF

....
and so on

how can I configure file beat to harvest such log file and push data to elasticsearch
or there is any other work arround

tudor · May 16, 2017, 10:38am

I'd recommend using multiline in Filebeat to group everything between the EOF lines. Then you could use the kv filter in Logstash to parse the values.

If you don't want to use Logstash, and only use Elasticsearch, you can also use the Ingest Node kv processor.

Topic		Replies	Views
Parsing logback log files with filebeat and sending them to Elasticsearch Beats	15	26497	July 5, 2017
Document other than log files Beats filebeat	2	307	February 19, 2019
Problem Beats	2	270	February 20, 2020
Moving from ELK to EFK Beats docker , filebeat	3	1280	November 26, 2019
Need Help to parse specific Log format Elasticsearch	4	485	October 20, 2018

Forwarding data from Extended log file format from using filebeat to ES

I have a sample log format which looks similar the one shown below

key1=value1, key2=value2, key3=value3 EOF

key1=value4 key2=value5 key3=value6 EOF

Related topics

key1=value1,
key2=value2,
key3=value3
EOF

key1=value4
key2=value5
key3=value6
EOF