Monitoring svclog using filebeat

Gaurav_kr · May 24, 2022, 5:19pm

Hi All,
I am trying to find a way to monitor .svclog using filebeat. I can get the log but having some trouble like:

Unable to harvest svclog which has large log line not sure if we have any command to make sure all line in logs should be harvest whether it's size is large or not. I tried to use message_max_bytes but no luck, so wanted to know any way to make sure if log is large or not it should be harvest in filebeat
Getting a large xml log from svclog using filebeat as we know filebeat harvest log line by line that why it taking svclog (which is of xml family) in signle line, so we wanted to break the large log line into multiple lines logs

Rios · May 26, 2022, 2:27am

Are you using the decode_xml processor?
Have you set the max_bytes value?

Gaurav_kr · May 26, 2022, 7:07am

Hi Rios yes I did try decode_xml

decode_xml:
field: message
target_field: ""

And message_max_bytes: 10485760

But no luck my scvlog file is of 3-4mb and when opened with notepad it shows a single log line which should be harvested by Filebeat but that not happening but if I break the same single line log to multi line and save it then Filebeat is able to harvest the log.

So looks it's only unable to harvest a large line log.

And for parsing I tried decode_xml but no luck

Topic		Replies	Views
Unable to parse svclog using filbeat Beats filebeat	4	361	May 31, 2022
Increase Size Limit of logs Logstash	5	4504	April 11, 2017
Filebeat send snippet of xml Beats filebeat	7	430	May 29, 2024
Filebeat 5.0 doesn't work for large files Beats filebeat	8	2865	December 6, 2016
Filebeat does not read the large log file Beats filebeat	2	867	November 8, 2018

Monitoring svclog using filebeat

Related topics