How to handle overlapping logs with filebeat?

Amine_Maalfi · June 11, 2020, 10:36am

Hi everyone
is there a way to handle overlapping logs with filebeat? here's a sample of what i have:

[17/02/2020 07:53:27:748] 00000 I >> message1 (start of event)
[17/02/2020 07:53:27:751] 00000 I @ message2
[17/02/2020 07:53:27:785] 00004 I >> message1 (start of event)
[17/02/2020 07:53:27:787] 00004 I @ message2
[17/02/2020 07:53:27:811] 00004 I  < message3
[17/02/2020 07:53:27:812] 00004 I << message4 (end of event)
[17/02/2020 07:53:27:834] 00000 I  < message3
[17/02/2020 07:53:27:835] 00000 I << message4 (end of event)

an event starts with >> and end with << having the same thread number
thanks in advance!

ChrsMark · June 12, 2020, 8:00am

Hi!

From what I know, I dont think this is possible. Filebeat is a log parser that can handle multiline logs but not in a random order.

C.

system · July 10, 2020, 8:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Only Multiline lines that do match Beats filebeat	1	364	August 31, 2018
Filebeat multiline issue Beats filebeat	2	297	July 16, 2018
Filebeat multiline how to parse both structured and unstructured logs in a file? Beats filebeat	0	31	July 18, 2024
Filebeat - Multiline events Beats filebeat	3	411	November 19, 2019
Multiline / multipattern Beats filebeat	7	484	August 15, 2018

How to handle overlapping logs with filebeat?

Related topics