Am using 5LK 5.6.4.
Beats => Logstash => ElasticSearch =>Kibana
I am collets server logs(using grok and mutate filter) and another one, I parse the whole XML in ELK(using multiline and XML filter plugin).
For Log: While beat collects data, It is not in proper order.
For XML: While too many events at the time it splits the XML
Where do you apply the multiline filtering? Multiline should be done in filebeat.
I use a multiline filter in logstash.
My filebeat send different type of files. I want multiline for a specific file type. If I apply multiline in filebeat is it impact all formate?
In case of errors, loadbalancing or filebeat processing multiple files, you can not guarantee correct order in Logstash. Doing multiline in filebeat preserves correct order.
If I apply multiline in filebeat is it impact all formate?
What do you mean by "impact all formate" ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
