Logs with lime breaks not working with multiline

amruthapbhat · June 1, 2017, 3:29pm

I have a file in the below format
Ex:

This is the first line.

This is the second line.

I am using no pattern since I want all the lines in the text to send to Logstash which is around 2000 lines.

If the file is in the below format it works.
Ex:

This is the first line.
This is the second line.

If the file is in the above format multiline works.

Could you please help me out with this.

andrewkroh · June 2, 2017, 1:37am

Please provide the Filebeat prospector config that are you using.

amruthapbhat · June 2, 2017, 3:08am

filebeat:
  prospectors:

    -
      paths:
        - /home/ubuntu/containers.d/*/*.log

      input_type: log

      document_type: syslog

      multiline:
        match: after
        max_lines: 2000

amruthapbhat · June 6, 2017, 4:10am

Hi @andrewkroh,

Do you have any update on the above?

exekias · June 6, 2017, 9:54am

Please don't open 2 threads for the same issue

amruthapbhat · June 6, 2017, 11:00am

@exekias Sorry for the trouble