Multiline codec and csv filter

Yimjunhyeok · July 6, 2017, 5:10am

This is source (2 logs)

172.16.110.11|ABC|!|@|#|abcd
abcdkasjdlaskd
asdsadlksadklsdakl |!|@|#|
123.123.11.1|ddaskd|!|@|#|skdlsadsakdljadd,vcmacl

askdlsad ask dkas dska d |!|@|#|

Seperator ==> | , |!|@|#|
Column ==> SrcIP, GroupID, Cookie

input {
file {
path => "/root/elastic/newline.txt"
start_position => "beginning"
stdin {
codec => multiline {
pattern => "\n"
negate => true
what => previous
}
}
sincedb_path => "/dev/null"
}
}

filter {
csv {
separator => "|*|!|#||"
columns => ["GroupID", "Cookie"]
quote_char => "Æ"
}
if [GroupID] {
csv {
separator => "|"
autogenerate_column_names => false
quote_char => "Æ"
}
}
}

But now work. Last field including many new lines. So how to solve this problem with multiline codec and csv filter ?

i think,

Firstly using codec "multiline" ==> Make an log with 1 line via multiline codec ==> Parsing with csv filter.

system · August 3, 2017, 5:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Multiline]Data following newline is ignored Logstash	5	1435	September 3, 2019
Multilined csv error while parsing Logstash	1	162	November 7, 2023
Add multiline codec issue on logstash Logstash	6	320	June 27, 2023
Codec Multiline is not working for Kafka input plugin as expected Logstash	1	222	July 28, 2022
Input codec=>multiline with filter csv not behaving as expected Logstash	5	1627	August 25, 2019

Multiline codec and csv filter

Related Topics