Filebeat "multiline.flush_pattern" is flushing the multiline line event starting with "multiline.pattern" and ending with "multiline.flush_pattern".
I am facing 2 issues with multiline.flush_pattern,
- The lines after "multiline.flush_pattern" are not stored in elasticsearch. I do not see those lines even in the filebeat debug logs.
- I expect the events that are not matching with multiline.flush_pattern to be stored in the elasticsearch but I do not see any of them in elasticsearch or in the filebeat debug logs
filebeat configuration-
config:
- type: container
paths:
- "/var/log/containers/*-${data.kubernetes.container.id}.log"
multiline.type: pattern
multiline.pattern: '^Received Parameters: request_data - {.*}$'
multiline.negate: true
multiline.match: after
multiline.flush_pattern: '^-I- DONE 1$'
My logfile actually starts with "Received Parameters: request_data - " and ends with a few more lines after "-I- DONE 1".
Please help me to find the cause of the issue and let me know if you need any more details.