How to match all patterns found in a message


(Eaky Ake) #1

I have a log file that records multi-event logs (multiline logs). How do I configure Logstash to match the same pattern into one? I tried grok with the option break_on_match => false, but it is not working.

18:16:16.075 Customer selected choice : C
18:16:17.406 >>--------------------------------->>
18:16:17.406 Customer In --->
18:16:21.207 Customer selected choice : C
18:16:25.904 Customer selected choice : C
18:16:28.778 Customer selected choice : B
18:16:36.665 Customer selected choice : REMOVE
18:16:42.600 Shutter Opening
18:22:49.067 Customer Out <---
18:22:49.067 <<---------------------------------<<

My grok config:
grok {
    patterns_dir => "C:\Program Files\ELK\LogStash\pattern"
    match => { "message" => ["(?m)%{TIME} Customer selected choice : %{WORD:choice}%{SPACE}"] }
}

Output I got:
{
  "TIME": [
    [
      "18:16:16.075"
    ]
  ],
  "HOUR": [
    [
      "18"
    ]
  ],
  "MINUTE": [
    [
      "16"
    ]
  ],
  "SECOND": [
    [
      "16.075"
    ]
  ],
  "choice": [
    [
      "C"
    ]
  ]
}

Output I want:
{
  choice : [ 'C','C','C','B','REMOVE']
}
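
Grok stops at the first place a pattern matches, and `break_on_match` only controls whether further patterns in the list are tried, so neither setting collects repeated matches. The following is an added example, not part of the original post, of gathering every `choice` with Ruby's `String#scan`, as the body of a Logstash `ruby` filter could. `FakeEvent`, `extract_choices` and `collect_choices` are hypothetical names, and the message is assumed to be already merged into one multiline event.

```ruby
# Added example, not part of the original post.
# Approximation of grok's TIME for this log's HH:MM:SS.mmm stamps (assumption).
TIME_RE   = /\d{2}:\d{2}:\d{2}(?:\.\d+)?/
# One capture per "Customer selected choice" line; tolerates trailing blanks and CR.
CHOICE_RE = /^#{TIME_RE} Customer selected choice : (\w+)[ \t\r]*$/

# Return every choice in a multiline message, in log order ([] if none).
def extract_choices(message)
  message.to_s.scan(CHOICE_RE).flatten
end

# Hypothetical stand-in for a Logstash event, only so the filter body runs offline.
class FakeEvent
  def initialize(fields)
    @fields = fields
  end

  def get(key)
    @fields[key]
  end

  def set(key, value)
    @fields[key] = value
  end
end

# What the body of `ruby { code => "..." }` would do with the real event object.
def collect_choices(event)
  choices = extract_choices(event.get("message"))
  event.set("choice", choices) unless choices.empty?
  event
end

# The log lines from the post, as one event after multiline merging.
SAMPLE = <<~LOG
  18:16:16.075 Customer selected choice : C
  18:16:17.406 >>--------------------------------->>
  18:16:17.406 Customer In --->
  18:16:21.207 Customer selected choice : C
  18:16:25.904 Customer selected choice : C
  18:16:28.778 Customer selected choice : B
  18:16:36.665 Customer selected choice : REMOVE
  18:16:42.600 Shutter Opening
  18:22:49.067 Customer Out <---
  18:22:49.067 <<---------------------------------<<
LOG

if __FILE__ == $PROGRAM_NAME
  p collect_choices(FakeEvent.new("message" => SAMPLE)).get("choice")
end
```

In a real pipeline only the `scan` call and `event.set` are needed inside the filter's `code` string; the stand-in class exists so the logic can be checked outside Logstash.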

