in principle you can configure multiline rules to match the whole file as a single event.
You may face some problems depending on how your scheduler writes its logs. For example filebeat needs that all lines are terminated by a new line, this is important to get the last line of a log file. Also, the file needs to be properly rotated, filebeat is not going to start reading from the beginning a file that it has already read.
Could you give more details on how these log files are written?
Yes the multiline could be the solution , but my logs are a bit different by machine.
For example , a log can begin by timestamp YYYY-MM-DD , or directly by functional details of the execution (a character) .. so it's difficult to determine a single pattern.. have you any idea ??
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.