Hello All,
Thanks in advance!
I want to handle multi line logs at filebeat level. I have 4 type multiline logs. How we can handle all of them with filebeat. I know how we can manage single type of multiline logs. e.g
As per below example my multiline log started [. But how we can manage multiple type of multiline logs?
multiline:
pattern: '^\['
negate: true
match: after
If every log file will only use one type of multiline log, the recommended way of doing it would be to declare multiple inputs of type log, each with different multiline settings and reading from different files.
If a single log file can have more than one type of multiline, it is only possible if each multiline can be defined with the same settings (negate and match) and the patterns can be merged into one without creating conflicts.
For example if your multilines can start with the '[' character or with the '(' character, you can do:
multiline:
pattern: ^[[(]
negate: true
match: after
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.