Multiline codec and csv filter

Elastic Stack Logstash
1

This is source (2 logs)

172.16.110.11|ABC|!|@|#|abcd
abcdkasjdlaskd
asdsadlksadklsdakl |!|@|#|
123.123.11.1|ddaskd|!|@|#|skdlsadsakdljadd,vcmacl

askdlsad ask dkas dska d |!|@|#|

Seperator ==> | , |!|@|#|
Column ==> SrcIP, GroupID, Cookie

input {
file {
path => "/root/elastic/newline.txt"
start_position => "beginning"
stdin {
codec => multiline {
pattern => "\n"
negate => true
what => previous
}
}
sincedb_path => "/dev/null"
}
}

filter {
csv {
separator => "|*|!|#||"
columns => ["GroupID", "Cookie"]
quote_char => "Æ"
}
if [GroupID] {
csv {
separator => "|"
autogenerate_column_names => false
quote_char => "Æ"
}
}
}

But now work. Last field including many new lines. So how to solve this problem with multiline codec and csv filter ?

i think,

Firstly using codec "multiline" ==> Make an log with 1 line via multiline codec ==> Parsing with csv filter.

1 Like
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.