I have used the multiline codec, but it's not working as expected. I mean it is taking all lines between two lines, only it is taking 2 or 3 lines, and the remaining lines are going with the next event.
This is the configuration file:
input {
  file {
    path => ["D:/Sample/*"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => multiline {
      pattern => "^(\s)"
      what => "previous"
    }
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "sample-%{+YYYY.MM.dd}"
  }
  stdout {}
}
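
The grouping rule that `pattern => "^(\s)"` with `what => "previous"` applies, modelled as an added Ruby example (not part of the original post and not Logstash's own code). The `group_previous` helper and the sample lines are constructed for illustration, and `negate` is assumed to be at its default of false.

```ruby
# Added illustration: a simplified model of multiline grouping with
# what => "previous" (negate left at its default, false).
# This is not Logstash source code.

PATTERN = /^(\s)/ # same pattern as in the posted configuration

# Group raw lines into events: a line matching the pattern is appended to
# the event in progress; any other line closes that event and starts a new one.
def group_previous(lines, pattern = PATTERN)
  events = []
  current = nil
  lines.each do |line|
    if current && line.match?(pattern)
      current << line
    else
      events << current.join("\n") if current
      current = [line]
    end
  end
  events << current.join("\n") if current # end-of-input flush (simplification)
  events
end

# Constructed sample input, not taken from the poster's files.
SAMPLE = [
  "2024-01-01 10:00:00 ERROR request failed",
  "    at handler.process(handler.rb:10)",
  "    at server.run(server.rb:42)",
  "Caused by: timeout", # no leading whitespace: starts a new event
  "    at socket.read(socket.rb:7)",
  "2024-01-01 10:00:05 INFO recovered"
].freeze

# Returns the events produced from the constructed sample.
def demo
  group_previous(SAMPLE)
end

if __FILE__ == $PROGRAM_NAME
  demo.each_with_index { |e, i| puts "--- event #{i + 1} ---", e }
end
```

With this pattern, only lines that begin with whitespace are attached to the preceding event; a continuation line that starts in column one opens a new event.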