Monitoring svclog using filebeat

Gaurav_kr · May 24, 2022, 5:19pm

Hi All,
I am trying to find a way to monitor .svclog using filebeat. I can get the log but having some trouble like:

Unable to harvest svclog which has large log line not sure if we have any command to make sure all line in logs should be harvest whether it's size is large or not. I tried to use message_max_bytes but no luck, so wanted to know any way to make sure if log is large or not it should be harvest in filebeat
Getting a large xml log from svclog using filebeat as we know filebeat harvest log line by line that why it taking svclog (which is of xml family) in signle line, so we wanted to break the large log line into multiple lines logs

Rios · May 26, 2022, 2:27am

Are you using the decode_xml processor?
Have you set the max_bytes value?

Gaurav_kr · May 26, 2022, 7:07am

Hi Rios yes I did try decode_xml

decode_xml:
field: message
target_field: ""

And message_max_bytes: 10485760

But no luck my scvlog file is of 3-4mb and when opened with notepad it shows a single log line which should be harvested by Filebeat but that not happening but if I break the same single line log to multi line and save it then Filebeat is able to harvest the log.

So looks it's only unable to harvest a large line log.

And for parsing I tried decode_xml but no luck

system · June 23, 2022, 9:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.