How to create fields containing info from different lines when using the multiline codec?


(steve fai) #1

I'm using Java Tomcat logs as input and I'm trying to save the relevant info for each log into Elasticsearch.

A single log might look like this:

[timestamp]
[log_level] - [error short description]
[stack trace] (containing tens of lines, depending on the error)

If I use the multiline codec to save each log, it saves the whole message, from timestamp to the end of the stack trace.

Is it possible to create different fields to save relevant info? I'd like to have fields like timestamp, log_level, and maybe filter the stack trace to show the most relevant lines.


#2

Yes, but your requirements definition is rather fuzzy. Can you give some sample events and say what you want extracted from them?
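An added example, not part of any post in this thread: one way to split a multiline Tomcat event into `timestamp`, `log_level`, a short description and a trimmed stack trace. The file path, the timestamp layout and the field names `error_summary`, `stack_trace`, `exception_class` and `stack_trace_summary` are assumptions, and the `ruby` filter uses the `event.get`/`event.set` API of Logstash 5 and later.

```logstash
input {
  file {
    # Placeholder path (assumption); point this at the Tomcat log.
    path => "/path/to/tomcat/logs/catalina.out"
    codec => multiline {
      # Assumption: each event starts with a line holding a timestamp such as
      # "2016-03-01 12:00:00,123"; every other line joins the previous event.
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => "previous"
      # Emit the last buffered event after 2 s without new lines.
      auto_flush_interval => 2
    }
  }
}

filter {
  # (?m) lets GREEDYDATA span newlines, so one match covers the whole event.
  # The stack trace group is optional so two-line events still parse.
  grok {
    match => {
      "message" => "(?m)\A%{TIMESTAMP_ISO8601:timestamp}\s*\n%{LOGLEVEL:log_level} - %{DATA:error_summary}(?:\r?\n%{GREEDYDATA:stack_trace})?\z"
    }
  }
  # Use the logged time as the event time instead of the ingest time.
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss,SSS", "ISO8601"]
  }
  # The first token of the trace is normally the exception class.
  grok {
    match => { "stack_trace" => "\A%{JAVACLASS:exception_class}" }
    tag_on_failure => []
  }
  # Keep the first three trace lines plus every later "Caused by:" line.
  ruby {
    code => "
      st = event.get('stack_trace')
      unless st.nil?
        lines = st.lines
        keep = lines.first(3) + lines.drop(3).select { |l| l.start_with?('Caused by:') }
        event.set('stack_trace_summary', keep.join)
      end
    "
  }
}
```

Events that do not fit the assumed layout are tagged `_grokparsefailure` by the first grok filter, which makes them easy to find and review.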

