Multiline codec and csv filter

Yimjunhyeok · July 6, 2017, 5:10am

This is source (2 logs)

172.16.110.11|ABC|!|@|#|abcd
abcdkasjdlaskd
asdsadlksadklsdakl |!|@|#|
123.123.11.1|ddaskd|!|@|#|skdlsadsakdljadd,vcmacl

askdlsad ask dkas dska d |!|@|#|

Seperator ==> | , |!|@|#|
Column ==> SrcIP, GroupID, Cookie

input {
file {
path => "/root/elastic/newline.txt"
start_position => "beginning"
stdin {
codec => multiline {
pattern => "\n"
negate => true
what => previous
}
}
sincedb_path => "/dev/null"
}
}

filter {
csv {
separator => "|*|!|#||"
columns => ["GroupID", "Cookie"]
quote_char => "Æ"
}
if [GroupID] {
csv {
separator => "|"
autogenerate_column_names => false
quote_char => "Æ"
}
}
}

But now work. Last field including many new lines. So how to solve this problem with multiline codec and csv filter ?

i think,

Firstly using codec "multiline" ==> Make an log with 1 line via multiline codec ==> Parsing with csv filter.

system · August 3, 2017, 5:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiline codec issue Logstash	1	1058	July 6, 2017
[Multiline]Data following newline is ignored Logstash	5	1440	September 3, 2019
Multilined csv error while parsing Logstash	1	162	November 7, 2023
Multi line CSV Log Logstash	3	1644	April 13, 2018
Problem with codec multiline Logstash	1	557	July 6, 2017

Multiline codec and csv filter

Related topics