Multiline Command not working for Start and End of event

Hello,

I have a log file which looks something like this:

2018-12-13 04:49:35,019 [thread: Start] INFO StateManager [(null)] (StartLogInfo) - StartLog passed info start
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - abc= 20
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - xyz = dg
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - pqr = sdfsdfds
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - lmn = A
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - zczczxc = U
2018-12-13 04:49:35,021 [thread: Start] INFO StateManager [(null)] (StartLog) - dvdfd = cdc
2018-12-13 04:49:35,028 [thread: Start] INFO StateManager [(null)] (StartLog) - StartLog passed info end

It has got start: 2018-12-13 04:49:35,019 [thread: Start] INFO StateManager [(null)] (StartLogInfo) - StartLog passed info start
and end: 2018-12-13 04:49:35,028 [thread: Start] INFO StateManager [(null)] (StartLog) - StartLog passed info end
markers.

I want to combine all the events between start and end into a single message in order to get fields like abc, xyz, etc.

I tried using the multiline command in filebeat:

multiline.pattern: '.StartLog passed info startt.'
multiline.negate: false
multiline.match: before
multiline.flush_pattern: '.StartLog passed info end.'

I want to merge all the intermediate events and send them to Kafka, but it's not working!

Can someone point out the mistake or give any solution to it?
It will be a great help!
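
The grouping asked for above, as an added example that is not part of the original post and not Filebeat's code: a simplified Python model of start/end-marker aggregation, the behaviour Filebeat documents for negate: true with match: after plus a flush_pattern. The function names, the field regex and the second, unterminated block in the sample are assumptions made for illustration.

```python
import re

# Marker texts taken from the post; used as plain substrings via regex search.
START = re.compile(r"StartLog passed info start")
END = re.compile(r"StartLog passed info end")
# Assumed field layout: "... (Logger) - key = value" at the end of a line.
FIELD = re.compile(r"\) - (\w+)\s*=\s*(\S+)\s*$")

# Constructed sample: four lines from the post, then a block with no end marker.
SAMPLE = """
2018-12-13 04:49:35,019 [thread: Start] INFO StateManager [(null)] (StartLogInfo) - StartLog passed info start
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - abc= 20
2018-12-13 04:49:35,020 [thread: Start] INFO StateManager [(null)] (StartLog) - xyz = dg
2018-12-13 04:49:35,028 [thread: Start] INFO StateManager [(null)] (StartLog) - StartLog passed info end
2018-12-13 04:50:01,000 [thread: Start] INFO StateManager [(null)] (StartLogInfo) - StartLog passed info start
2018-12-13 04:50:01,001 [thread: Start] INFO StateManager [(null)] (StartLog) - pqr = sdfsdfds
"""


def group_events(lines):
    """Yield one list of lines per event.

    A line matching START opens a new event, every other line is appended
    to the event in progress, and a line matching END closes it.
    """
    buf = []
    for line in lines:
        if START.search(line) and buf:
            yield buf          # previous block never saw its end marker
            buf = []
        buf.append(line)
        if END.search(line):
            yield buf          # end marker is kept as the last line of the event
            buf = []
    if buf:
        yield buf              # unterminated block, flushed at end of input


def extract_fields(event):
    """Return the key/value pairs found in one grouped event."""
    fields = {}
    for line in event:
        m = FIELD.search(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


if __name__ == "__main__":
    for ev in group_events(SAMPLE.strip().splitlines()):
        print(len(ev), "lines ->", extract_fields(ev))
```
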
