Hi, I have a log line in a multiline pattern, and my grok parser is only parsing one line of the log and ignoring the others. How can this be fixed to include the complete message?

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /path/to/log/file.log
    fields:
      kafka_topic_name: my_topic
      attributes.log_source: file1
    fields_under_root: true
    multiline.pattern: '^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\.\d{3}'
    multiline.negate: true
    multiline.match: after

processors:
  - grok:
      when:
        equals:
          attributes.log_source: file1
      field: message
      patterns:
        - '%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{DATA:class} %{DATA:thread} %{GREEDYDATA:message}'

Sample log line:
2024-07-09 10:28:08.691 INFO de.connect.mv.core [ThreatPool] inbound Message
-------------------
ID:6
ResponseCode: 200
Encoding: null
Content-type: app/json
Header: {Date=[Tue, 09 Jul 2024 08:23 GMT],
Payload: "{cstmrdata}"
And my grok pattern is only matching the following pattern of the log line:
2024-07-09 10:28:08.691 INFO de.connect.mv.core [ThreatPool] inbound Message
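
Why only the first line is captured, as an added example that is not part of the original post: GREEDYDATA expands to `.*`, and `.` stops at a newline unless the pattern enables dot-matches-newline. The sketch uses simplified stand-ins for the grok definitions and assumes Ruby-style (Oniguruma) regex semantics, as in Logstash's grok filter, where a `(?m)` prefix turns that mode on; `GROK`, `compile_grok`, `grok`, `EVENT`, `POSTED` and `FIXED` are hypothetical names.

```ruby
# Simplified stand-ins for the grok definitions used in the post (assumption:
# the real TIMESTAMP_ISO8601 and LOGLEVEL definitions accept more variants).
GROK = {
  "TIMESTAMP_ISO8601" => '\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?',
  "LOGLEVEL"          => '[A-Za-z]+',
  "DATA"              => '.*?',
  "GREEDYDATA"        => '.*'
}.freeze

# Expand each %{NAME:field} reference into a named capture group.
def compile_grok(pattern)
  Regexp.new(pattern.gsub(/%\{(\w+):(\w+)\}/) { "(?<#{$2}>#{GROK.fetch($1)})" })
end

# Return the captured fields as a hash, or nil when the pattern does not match.
def grok(pattern, event)
  m = compile_grok(pattern).match(event)
  m && m.named_captures
end

# Constructed event: the sample from the post after multiline joined it with "\n".
EVENT = <<~'LOG'.chomp
  2024-07-09 10:28:08.691 INFO de.connect.mv.core [ThreatPool] inbound Message
  -------------------
  ID:6
  ResponseCode: 200
  Encoding: null
  Content-type: app/json
  Header: {Date=[Tue, 09 Jul 2024 08:23 GMT],
  Payload: "{cstmrdata}"
LOG

# The pattern as posted, and the same pattern with dot-matches-newline enabled.
POSTED = '%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{DATA:class} %{DATA:thread} %{GREEDYDATA:message}'
FIXED  = "(?m)#{POSTED}"

if __FILE__ == $0
  puts "posted: #{grok(POSTED, EVENT)['message'].inspect}"
  puts "fixed:  #{grok(FIXED, EVENT)['message'].lines.count} lines captured"
end
```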