GROK filter throws ERROR

I didn't quite get, can you please explain.

In a previous post I linked to the Filebeat documentation's collection of examples for various kinds of multiline logs. Follow the example in the Timestamps section.

1 Like

These are the patterns for filebeat.yml file. So in a multifile input configuration for each of the files I have to apply multiple patterns (just thinking wont it override). Also there is no configuration on logstash end. This is my understanding is it correct ?

These are the patterns for filebeat.yml file.

Yes.

So in a multifile input configuration for each of the files I have to apply multiple patterns (just thinking wont it override).

Yes, if you have different log formats you'll likely need different multiline configuration.

Also there is no configuration on logstash end.

Not for multiline, no.

I cant thank you enough. but still "thank you" :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.