I have an ELK implementation on a single server as a test box, I am receiving log data from a Mulesoft cluster via Filebeats at the source, received by Logstash at the server. When I view what should be a 3000+ line of log message in Kibana, I only get the first 500 lines.
Looking at the raw JSON document, I see the log.flag set to truncated multiline in the document.
How can I influence this behavior to allow all lines from the original message to pass unaltered?
Look at this doc page, multiline.max_lines defaults to 500.
Thanks Len. Looks like this should be pretty easy - I've added "multiline.maxlines: 4000" to the affected log entries. I should be able to modify them on server tomorrow and have the dev team test tomorrow as well.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.