Logs with lime breaks not working with multiline

amruthapbhat · June 1, 2017, 3:29pm

I have a file in the below format
Ex:

This is the first line.

This is the second line.

I am using no pattern since I want all the lines in the text to send to Logstash which is around 2000 lines.

If the file is in the below format it works.
Ex:

This is the first line.
This is the second line.

If the file is in the above format multiline works.

Could you please help me out with this.

andrewkroh · June 2, 2017, 1:37am

Please provide the Filebeat prospector config that are you using.

amruthapbhat · June 2, 2017, 3:08am

filebeat:
  prospectors:

    -
      paths:
        - /home/ubuntu/containers.d/*/*.log

      input_type: log

      document_type: syslog

      multiline:
        match: after
        max_lines: 2000

amruthapbhat · June 6, 2017, 4:10am

Hi @andrewkroh,

Do you have any update on the above?

exekias · June 6, 2017, 9:54am

Please don't open 2 threads for the same issue

amruthapbhat · June 6, 2017, 11:00am

@exekias Sorry for the trouble

Topic		Replies	Views
Filebeat and Multiline Problem Beats filebeat	3	1194	September 14, 2016
File beat multiline is not working for XML type of files Beats filebeat	9	5251	July 5, 2017
Filebeat 1.2.0. multiline Beats filebeat	12	2173	July 5, 2017
Something wrong with multiline Beats filebeat	4	349	August 22, 2018
Filebeat 6.1.1 multiline is not working Beats filebeat	13	2404	February 21, 2018

Logs with lime breaks not working with multiline

Related Topics