Logstash multiline codec plugin


#1

Hello,

I'm trying to use the multiline codec plugin to merge input log that contains several lines into one line within a text file.

Config file:

    input {
      file {
        path => "C:\Users\bob\Downloads\data\error_test.txt"
        start_position => "beginning"
        codec => multiline {
          pattern => "^%{TIMESTAMP_ISO8601} "
          negate => true
          what => "previous"
        }
      }
    }

    filter {
      grok {
        match => ["message", "%{TIMESTAMP_ISO8601:logdate} %{LOGLEVEL:loglevel} %{GREEDYDATA:messsage}"]
      }
      date {
        match => ["logdate", "yyyy-MM-dd HH:mm:ss,SSS", "ISO8601"]
      }
    }

    output {
      stdout { codec => rubydebug }
      elasticsearch {
        hosts => ["localhost:9200"]
        index => "error_test"
      }
      stdout { codec => rubydebug }
    }

After running the config file in a shell, it shows that pipelines are running and no errors are shown. However, stdout is not printed within the shell running Logstash and no results are found for the particular index in Kibana. Please advise, thanks.


(Magnus Bäck) #2

Perhaps Logstash thinks it has already processed the file and is waiting for more input. Setting sincedb_path => "nul" in the file input will clear that.


#3

Thanks for the feedback. I have tried setting sincedb_path => "nul" in the file input and also sincedb_path => "/dev/null"; however, the same issue still persists.


(Magnus Bäck) #4

Things to try:

  • Remove the multiline codec.
  • Use forward slashes instead of backslashes in the path to the logfile.
  • Increase Logstash's loglevel and search for "error_test.txt" in the Logstash log.
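
Added example (not part of the thread and not the plugin's source): a simplified Ruby model of the `negate => true` / `what => "previous"` settings from post #1, showing why taking the multiline codec out is a useful isolation step. In this model an event is emitted only when the next timestamped line arrives, so the last event of a file that is no longer growing stays buffered. `MultilineModel`, `TS_LINE`, `run_model` and the sample lines are constructed for illustration.

```ruby
# Simplified model of the codec settings from post #1
# (negate => true, what => "previous"). Not the plugin's source code.
# Stand-in for "^%{TIMESTAMP_ISO8601} " (assumption: the real grok
# pattern accepts more timestamp variants than this regex).
TS_LINE = /\A\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)? /

class MultilineModel
  attr_reader :pending
  def initialize(pattern)
    @pattern = pattern
    @pending = [] # lines of the event still being assembled
  end

  # Feed one line; returns a completed event (String) or nil.
  def feed(line)
    # A line that does NOT match is appended to the previous line;
    # a matching line closes the buffered event and starts a new one.
    if line.match?(@pattern) && !@pending.empty?
      done = @pending.join("\n")
      @pending = [line]
      return done
    end
    @pending << line
    nil
  end

  # What a flush (timed or at shutdown) would emit in this model.
  def flush
    done, @pending = @pending.join("\n"), []
    done.empty? ? nil : done
  end
end

# Constructed sample log, not taken from the thread.
SAMPLE = [
  "2019-03-01 10:15:02,123 ERROR Unhandled exception",
  "java.lang.IllegalStateException: boom",
  "    at com.example.App.main(App.java:12)",
  "2019-03-01 10:15:03,456 INFO Recovered"
].freeze

# Returns [events emitted while reading, lines still buffered at EOF].
def run_model(lines)
  codec = MultilineModel.new(TS_LINE)
  [lines.map { |l| codec.feed(l) }.compact, codec.pending.dup]
end

emitted, held = run_model(SAMPLE)
puts "emitted=#{emitted.length} buffered=#{held.inspect}"
```

The multiline codec's `auto_flush_interval` option flushes a held event after a period with no new lines.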
