I'm pretty new here and I am experimenting with ELK. One thing I couldn't figure out until now is: How can I parse a log line by line with each line becoming its own event?
For example, I have a log file which looks like this:
! 123 ! 456 ! abc ! def ! 009 !
! 123 ! 456 ! abc ! def ! 009 !
! 123 ! 456 ! abc ! def ! 009 !
! 123 ! 456 ! abc ! def ! 009 !
Each line has the same build-up, but I don't want it to be processed as "multiline". How can I process the logfile in a way that each line becomes its own message?
Hi Kaiyan_Sheng,
Already solved it. It was a misconfiguration within Filebeat, which still had a multi-line parameter active.
After deleting, it worked fine!
Would you mind providing the filebeat.yml file? We are also facing a similar issue. After excluding the multi-line parameter, the lines were not coming in the log. But the problem is that if we add the multiline parameter in filebeat.yml, we should be getting the logs, but they should be coming in as a single line rather than multiple lines. Need your help. Any help would be appreciated.
Thanks for the quick response. We are using a logfile as input, which is collected from different sources, and Filebeat formats the nginx log before forwarding to Graylog. The problem is some misconfiguration of Filebeat which results in multiline. Need your help in fixing this issue.
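The situation described in this thread, shown as an added example that is not part of any post above and is not the original poster's configuration: a leftover multiline block on a Filebeat `log` input, next to the same input with the block removed. The file path and the `'^\['` pattern are assumptions chosen for illustration; the two YAML documents are alternatives, not one file.

```yaml
# --- Before (constructed): a multiline block copied from another input ---
# None of the sample lines ("! 123 ! 456 ! abc ! def ! 009 !") start with "[",
# so with negate: true / match: after every line counts as a continuation of
# the previous one and consecutive lines are joined into a single event.
filebeat.inputs:
  - type: log
    paths:
      - /var/log/example/app.log   # placeholder path (assumption)
    multiline.pattern: '^\['
    multiline.negate: true
    multiline.match: after
---
# --- After: no multiline settings on the input ---
# Without multiline.* options Filebeat emits one event per line, which is
# what the original question asks for.
filebeat.inputs:
  - type: log
    paths:
      - /var/log/example/app.log   # placeholder path (assumption)
```

When some sources really do need multiline handling, keep the `multiline.*` options on a separate input for those paths only, so they do not affect single-line logs.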