Issue with filebeat multiline patterns

sfenman · May 26, 2020, 11:56am

Hello, I am trying to setup filebeat for some multiline application logs directly to ES. So a log entry is always starting with the word "Started" or with the word "Queued" and has different number of lines each time. My filebeat.yml configuration looks like this :

  multiline.pattern: '(Started) | (Queued)'
  multiline.negate: true
  multiline.match: after

But the result is that it takes almost all lines as a log entry. Is it something that I am doing wrong?

Thank you.

David_Oceans · May 26, 2020, 1:47pm

Should be great have a tool of elastic to paste your piece of log and try this multiline or even the regex like exclude lines o include lines.

system · June 23, 2020, 1:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiline Match Beats filebeat	3	399	October 29, 2018
Something wrong with multiline Beats filebeat	4	350	August 22, 2018
Multiline logs are not working using filebeat Beats filebeat	1	510	November 19, 2021
How can set multiline in filebeat Beats filebeat	4	165	June 6, 2024
Multiline read 2 times Beats filebeat	6	901	April 9, 2018

Issue with filebeat multiline patterns

Related topics