GROK pattern to collect whole exception stacktrace

Elastic Stack Logstash
1

Hi All,
Below config file not capturing complete stacktrace, it is only collecting single line. Any suggestion how can collect whole stacktrace.

filter {

      #If log line contains tab character followed by 'at' then we will tag that entry as stacktrace
      if [message] =~ "\tat" {
        grok {
          match => ["message", "^(\tat)"]
          add_tag => ["stacktrace"]
        }
      }

      grok {
      match => [ "message",
               "%{DATESTAMP_EVENTLOG:timestamp}%{SPACE}%{LOGLEVEL:log_level}%{SPACE}%{WORD:method}%{SPACE}%{WORD:class_name}%{SPACE} (%{DATA:exceptiondetail}\n\t\n*%{GREEDYDATA:extralines})"]
      }
}

This is my exception stacktrace

20191118:15:26:23.976 [http-nio-8080-exec-24] ERROR  null
ERROR|2019-11-18 15:26:23|backendorg|16CFAFCCFB14D9A3|16E7DF11C8ACFF95|16E7DF11C89AA960||null
20191118:15:26:23.983 [http-nio-8080-exec-24] ERROR  java.lang.NullPointerException
	at com.abc.api.controller.SessionController.sessionAPI(SessionController.java:132)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:214)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132
2

If you are using a file input use a multiline codec on an input. The documentation has an example of merging lines from a stacktrace.

If you are using filebeat do the multiline processing in the beat.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.