Logs Cascading issue with syslog and logstash multiline configuration in ELK setup

sohanc · September 9, 2015, 7:26am

when json log input to logstash server...

example json log contain long message feild, probably multiple line for a parameter...We need to used multi line plugin to parse that in logstash server. If the shipper is syslog.
logstash capture json logs show incosistant behavious..some logs get merged to other set and json log inconsistance visible for those logs message. either some message get clubbed or broked(half message ) stored in eleastic search db through logstash server. this happen due to incorrect parsing.
So syslog and multiline doestn work as expected.

tcp appender do maintain correct sequence and streaming of logs and same can be captured to logstash server without multiline plugin.

Topic		Replies	Views
Logs are not displaying in order Logstash	50	6054	May 1, 2017
Multiline filter - Missing logs Elasticsearch	4	1661	July 5, 2017
Multiple logs are concatenated to single event by Logstash Logstash	3	739	October 19, 2020
Bleeding of separate log files into single event when using codec multiline Beats filebeat	5	1297	December 28, 2016
Multiline probelm with Syslog+log4js combination Logstash	2	1302	July 6, 2017