Having an issue enabling proper multiline options for container logs

sloney · November 27, 2020, 8:45pm

Currently have these settings enabled, hoping to make all logs that start with a date like: 2020-11-27 to be in their own entry, including java stack traces.

multiline.type: pattern
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after

The result is lines showing up like this in one entry in Kibana:

2020-11-27 20:03:23.370 [INFO][48] felix/int_dataplane.go 1245: Applying dataplane updates
2020-11-27 20:03:23.371 [INFO][48] felix/wireguard.go 578: Wireguard is not enabled
2020-11-27 20:03:23.371 [INFO][48] felix/table.go 877: Invalidating dataplane cache ipVersion=0x4 reason="refresh timer" table="filter".

Anyone have an idea of how to configure this?

ChrsMark · November 30, 2020, 12:36pm

Hi!

It seems your defined pattern is not correct.
You can find multiline examples at https://www.elastic.co/guide/en/beats/filebeat/master/multiline-examples.html and also a playground to exepriment with your patterns.

Please give it a try and let us know!

Thanks!

system · December 28, 2020, 2:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiline usage Beats beats-module , filebeat	3	431	March 25, 2022
Filebeat multiline not working with autodiscover Beats filebeat	8	3773	October 14, 2019
Java multiline with add_docker_metadata Beats	5	336	June 5, 2018
Fixing Multiline Logs in Filebeat Beats docker , filebeat	4	646	April 28, 2020
Filebeat in Container mode + multiline Parser Beats filebeat	2	1227	January 7, 2023

Having an issue enabling proper multiline options for container logs

Related Topics