20170315:08:00:34:022156 xxxxx-[INFO]:-Dump status report
20170315:08:00:34:022156 xxxxx-[INFO]:----------------------------------------------------
20170315:08:00:34:022156 xxxxx-[INFO]:-Target database = xxx
20170315:08:00:34:022156 xxxxx-[INFO]:-Dump subdirectory = xxx
20170315:08:00:34:022156 xxxxx-[INFO]:-Dump type = Full database
20170315:08:00:34:022156 xxxxx-[INFO]:-Clear old dump directories = Off
20170315:08:00:34:022156 xxxxx-[INFO]:-Dump start time = xxx
20170315:08:00:34:022156 xxxxx-[INFO]:-Dump end time = 08:00:08
20170315:08:00:34:022156 xxxxx-[INFO]:-Status = COMPLETED
20170315:08:00:34:022156 xxxxx-[INFO]:-Dump key = 2xxx
20170315:08:00:34:022156 xxxxx-[INFO]:-Dump file compression = Off
20170315:08:00:34:022156 xxxxx-[INFO]:-Vacuum mode type = Off
20170315:08:00:34:022156 xxxxx-[INFO]:-Exit code zero, no warnings generated
20170315:08:00:34:022156 xxxxx-[INFO]:----------------------------------------------------
20170315:08:00:34:022156 xxxxx-[INFO]:-Dumping master config files
Check out the multiline timestamp example below.
https://www.elastic.co/guide/en/logstash/current/plugins-codecs-multiline.html
Right, but there is no specific indicator for me to consider multi lines as a single event. By looking at the above example, can you please specify how I can use an indicator or a regex pattern?
The pattern should be
codec => multiline {
pattern => "^\d\d\d\d\d\d\d\d:\d\d:\d\d:\d\d:\d\d\d\d\d\d
negate => true
what => previous
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.