I want to put condition on input logs through filebeat using type of log but in input section we can't put if else condition if i am right ?
Suggest a method to apply multiline codec on a particular type of log only.
Do the multiline processing in Filebeat instead.
2 Likes
As i am new to this ELK stack. Suggest me something what to do ? Like changing propectors in filebeat ?
or if possible provide a good example or link of it with method related to this issue.
Thanks
After your guidance,
I did this in filebeat.yml file and changed the filebeat.prospectors
multiline:
pattern: '^%{WORD:}(%{NONNEGINT:}) captured on %{GREEDYDATA:}'
negate: true
match: after
but i don't know how to make same pattern in filebeat as i read here : Filebeat multiline codec not working in my case
"filebeat multiline pattern is not grok pattern as in logstash, but pure regular expressions."
Can you help me to convert this logstash pattern in filebeat pattern or regex format ?
Thanks
I suggest you ask Filebeat questions in the Filebeat category.
You are using grok expressions, which will not work in Filebeat. If you want help with multi-line configuration, I would also recommend including a log sample that shows a full multi-line event as well as a few events that comes after.
Issue is solved now ...... Thanks all for help.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.