Grok cant detect change of line

Alexandros888 · November 18, 2020, 7:36am

Hello all,

I have the following file that i want to grok:

AG	100045	1FB702		27.12.2011	675337068	ZFA31200000......
AG	100045		X	17.11.1961	084260332	5352...
AG	100046	1SF995		22.04.2016	217347660	TMBET6NH1G4......
AG	100047	1NA955		29.04.2016	679788553	JN1JCNT32U0......
AG	100048	1TA247		27.01.2005	327171306	VNKKL18370A......
AG	10005	6S7081		09.05.1997	416470418	VS52A112...
AG	100050		X	01.07.1962	084272310	5353...
AG	100051	1VE306		25.04.2013	215324011	WVWZZZ1KZDW......
AG	100052	1OB394		29.09.2010	599179460	W0L0AHL35A2......
AG	100054	1SC841		29.05.2020	683803741	JF1SKELL5LG......
AG	100055	1OB433		29.09.2011	599411768	W0L0SDL68B4......
AG	100056	385206	C	04.09.1974	045202240	1142581...
AG	100056	5189	M	01.05.1967	023215573	117655...

I use the following pattern:

filter {

      grok {
        match => { "message" => "%{DATA:1}\t%{DATA:2}\t%{DATA:3}\t%{DATA:4}\t%{DATA:5}\t%{DATA:6}\t%{DATA:7}" }
      }
    }

But every time it parses only the first line

Basically, it ignores change of lines and i dont want that.

Any help please?

Thank you

system · December 16, 2020, 7:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.