How to write multiline codec for python stacktrace

below is how my log is captured

[2021-09-17 14:24:16,527] [ERROR] [app][MainThread] [5d9b63a9-dc4d-4756-af87-eba4fb275584] [log_exception:1440] : Exception on /download_request_data [GET]
Traceback (most recent call last):
  File "xxxxladjfalkjdlakjdflkajf\alkajdjlkajflka\venv\lib\site-packages\flask\app.py", line 2051, in wsgi_app
    response = self.full_dispatch_request()
  File "xxxxladjfalkjdlakjdflkajf\alkajdjlkajflka\venv\lib\site-packages\flask\app.py", line 1501, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "xxxxladjfalkjdlakjdflkajf\alkajdjlkajflka\venv\lib\site-packages\flask\app.py", line 1499, in full_dispatch_request
    rv = self.dispatch_request()
  File "xxxxladjfalkjdlakjdflkajf\alkajdjlkajflka\venv\lib\site-packages\flask\app.py", line 1485, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "xxxxladjfalkjdlakjdflkajf\alkajdjlkajflka\.\app.py", line 351, in download_request_data
    zip_file.writestr(file)
TypeError: writestr() missing 1 required positional argument: 'data'

i want the first line and rest of the lines have trace info - part of one message or event.

If your multiline messages always start with a square bracket and a date then you could try

codec => multiline { pattern => "^\[\d{4}" negate => true what => previous auto_flush_interval => 1 }

It worked ..thanks a ton for the quick response.. One last thing. I'm new to this elk stack. Any good resources/books - to understand to write grok patterns/regex.. if you can provide me the resources that will be really helpfulll..

Currently i'm going through a lot of blogs/articles. One Book/video tutorial that can help me get my fundamentals right, that will be really great.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.