Logstash not picking up multiline logs

Ayesha · October 2, 2020, 4:47pm

Hi,

I am parsing a log file which has both multiline and singleline logs in it.
Here is a sample data

13-08-2020 11:15:41,278 DEBUG [org.jboss.as.config] (MSC service thread 1-7) Configured system properties:
	[Standalone] = 
	awt.toolkit = sun.awt.X11.XToolkit
13-08-2020 11:16:00,750 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0004: Deploying JDBC-compliant driver class oracle.jdbc.OracleDriver (version 11.2)
13-08-2020 11:16:00,751 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0004: Deploying JDBC-compliant driver class oracle.jdbc.OracleDriver (version 11.2)

I added below lines in my filebeat.yml file (Didn't add the codec in logstash because cannot add it under beats)

multiline.type: pattern
multiline.pattern: '^\s?[0-9]{2}-[0-9]{2}-[0-9]{4}'
multiline.negate: true (I tried false as well, didn't work)
multiline.match: after

The Grok pattern I am using inside logstash conf file is below

%{DATE:Date} %{TIME:Time} %{LOGLEVEL:LogLevel} \[%{GREEDYDATA:Provider}\] \(%{GREEDYDATA:Thread}\) %{GREEDYDATA:Message}

Any help would be greatly appreciated.
Thanks in advanceThis text will be hidden

Ayesha · October 6, 2020, 8:57am

My issue got resolved. I had to move multiline.pattern from filebeat.tml to the in config as I was using configs.

system · November 3, 2020, 8:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiline Pattern not Working Beats filebeat	1	516	October 7, 2019
Multiline is not working when i am sending logs to logstash through filebeat? Beats filebeat	5	777	July 2, 2017
Unable parse multiline pattern Logstash	3	261	March 25, 2020
Filebeat multiline configuration issue Beats filebeat	2	625	March 8, 2018
Parsing problems on logstash + filebeat Logstash	3	1236	July 6, 2017

Logstash not picking up multiline logs

Related topics