I have an ELK implementation on a single server as a test box, I am receiving log data from a Mulesoft cluster via Filebeats at the source, received by Logstash at the server. When I view what should be a 3000+ line of log message in Kibana, I only get the first 500 lines.
Looking at the raw JSON document, I see the log.flag set to truncated multiline in the document.
How can I influence this behavior to allow all lines from the original message to pass unaltered?
Look at this doc page, multiline.max_lines defaults to 500.
Thanks Len. Looks like this should be pretty easy - I've added "multiline.maxlines: 4000" to the affected log entries. I should be able to modify them on server tomorrow and have the dev team test tomorrow as well.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.