GELF multiline codec doesn't work

Josh_Reichardt · March 16, 2017, 8:16pm

I am attempting to set up the multiline input for GELF but it doesn't seem to work and I'm not sure why. Is there a way to debug the multiline input, or does anybody know otherwise why this wouldn't be working?

Here's the configuration. I have tried a number of different patterns but none of them seem to work:

...
gelf {
        port => 12201
        type => gelf
        codec => multiline {
            pattern => "^\s"
            what => next
        }
    }
...

Other relevant details:

I am sending logs from the Docker daemon from a different machine via the gelf log driver
Logs are showing up in Logstash fine, the multiline functionality is the only part that isn't working
Docker version is 1.13 for the hosts sending logs, version 1.11 on the ELK side
Logstash and the rest of the ELK stack is running as a container and is v5.2

Any idea what could be causing the problem or how to fix?

system · April 13, 2017, 8:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Gelf & multiline plugin @ 5.x Logstash	1	964	January 9, 2017
Codec in gelf input plugin not working Logstash	6	280	July 21, 2022
Multiline input codec not working (php stacktrace) Logstash	1	507	September 13, 2019
Multiline plugin for logstash not working for gelf input Logstash	12	1775	November 15, 2018
Multiline codec in Logstash 6.6 not working Logstash	7	344	April 11, 2019

GELF multiline codec doesn't work

Related topics