I am using logstash 2.3.1. I have created a config where I have used a multiline filter as one event in my log spans accross multiple lines.
Apart from other filters which I have in my config, my last filter is :
multiline {
pattern => "Phase\s\d"
negate => true
what => previous
periodic_flush => true
allow_duplicates => true
}
In this filter I want to club all lines into one field at the same time I do not want to remove any duplicates. The field in question contains record counts out of each component in a program, which can be similar. However when I get the output it is dedupped. Can anyone help on this?
I saw a few discussions where it was raised as a bug in version 1.4.2 and later some fix was put in place. Can anyone tell me if that fix worked and is that fix incorporated in the version I am using (version -2.3.1) .
I have tried to get the lines shorter. Please see if this helps:
Original post formated:
I am using logstash 2.3.1. I have created a config where I have used a multiline filter
as one event in my log spans accross multiple lines. Apart from other filters which
I have in my config, my last filter is :
multiline {
pattern => "Phase\s\d"
negate => true
what => previous
periodic_flush => true
allow_duplicates => true
}
In this filter I want to club all lines into one field at the same time I do not want to
remove any duplicates. The field in question contains record counts out of each component
in a program, which can be similar. However when I get the output it is dedupped. Can
anyone help on this?
I saw a few discussions where it was raised as a bug in version 1.4.2 and later some fix
was put in place. Can anyone tell me if that fix worked and is that fix incorporated in
the version I am using (version -2.3.1).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.