Logstash: Filter Error message from Logs

Hi, I am using Logstash to parse and filter the data. The input data looks something like this:

------------------------------------------------------
Environment File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name:  org/apache/catalina/core/ContainerBase/jboss/web/default-host/........... Path
------------------------------------------------------
Reading Environment Error File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name: org/apache/catalina/core/ContainerBase/jboss/web/default-host/.....
org/apache/catalina/core/ContainerBase/jboss/web/default-host........
.....Path.  Fri Dec  7 09:31:18 2018

Lock failed on recovery file org/apache/catalina/core/ContainerBase/jboss/web/default-host/
because the .......
....... text.

------------------------------------------------------
Reading Error  Files - 12/07/2018 09:31:19
------------------------------------------------------

The error message contains multiple lines and has no common pattern. How can I filter only the errors from the logs?

This is a multi-line log. How are you consuming this data?

Filtering data should ideally be done as close to the source of the data as possible. If you are using Filebeat, it has multi-line support. You could use the regex check to consume only the data that you need.
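
The grouping logic the reply above points at, sketched in Python as an added example (not code from this thread, and not Filebeat or Logstash configuration): each rule/title/rule banner starts a new event, and the lines that follow become its multi-line message. The function names, the sample text, and the rule that a section counts as an error when its title contains "Error" and its body is non-empty are assumptions.

```python
import re

RULE = re.compile(r"^-{20,}\s*$")  # the dashed rule above and below a title
TITLE = re.compile(
    r"^(?P<name>.+?) - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")

# Constructed sample in the layout shown in the question; paths and
# message text are made up for the example.
SAMPLE = """\
------------------------------------------------------
Environment File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name:  app/example/host/env.cfg
------------------------------------------------------
Reading Environment Error File - 12/07/2018 09:31:19
------------------------------------------------------
-- File Name: app/example/host/env.err
Fri Dec  7 09:31:18 2018

Lock failed on recovery file app/example/host/recover.dat
because the file is held by another process.

------------------------------------------------------
Reading Error  Files - 12/07/2018 09:31:19
------------------------------------------------------
"""

def split_events(text):
    """Group lines into one event per rule/title/rule banner."""
    lines = text.splitlines()
    events, current, i = [], None, 0
    while i < len(lines):
        is_banner = (i + 2 < len(lines) and RULE.match(lines[i])
                     and RULE.match(lines[i + 2]))
        m = TITLE.match(lines[i + 1]) if is_banner else None
        if m:  # a new section starts here; skip the three banner lines
            current = {"section": m["name"], "timestamp": m["ts"], "body": []}
            events.append(current)
            i += 3
            continue
        if current is not None:  # any other line belongs to the open section
            current["body"].append(lines[i])
        i += 1
    for e in events:
        e["message"] = "\n".join(e.pop("body")).strip()
    return events

def error_events(text):
    """Keep sections titled '...Error...' that actually carry a message."""
    return [e for e in split_events(text)
            if "error" in e["section"].lower() and e["message"]]
```

Because the banner title is the only stable anchor in this format, the free-form error text never needs its own pattern; it is simply whatever follows an error-titled banner.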
