Hi all,
I have configured a parser to join the lines into one but it doesn´t work.
This is the configuration code:
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: filestream
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /root/ELK/input/logs/*.log
parsers:
- multiline:
type: pattern
pattern: '^[0-9]{4}'
negate: true
match: after
The log looks like this:
2024 Feb 07 14:48:29:905 GMT +0100 BW.Promociones-Process_Archive_AOTLXPRTIB00014 Info [BW-User] - Job-365623 [Procesos_GDP/09020/Operaciones/PC_Peticion_BSCSConsultas_03030.process/Group/Log Peticion a Enviar]: 07/02/2024 14:48:29 - TrackingId: i2Sj2ScfUxD1E-KviG-7fcVkbGI - Se va a publicar a BSCS: <ns0:C__03030__Peticion xmlns:ns0="http://www.tibco.com/xmlns/ae2xsd/2002/05/ae/AMENA/MOVILES/SERVICIOS/BSCSConsultas/C_03030">
<SourceMsgId>c24ce31c-b3cf-4aa1-9e4d-5187407bdeb0</SourceMsgId>
<SourceHost>TIBCO11P</SourceHost>
<Version>BW</Version>
<AppName>PasarelaBW6.GDP</AppName>
<Estado>0</Estado>
<FiltroGDP>09020</FiltroGDP>
<TimeStamp>2024-02-07T14:48:29.905+01:00</TimeStamp>
<IdAux>HTTP_IVR-pasarelaBW6</IdAux>
<TimeOut>0</TimeOut>
<FiltroRespuesta>09020</FiltroRespuesta>
<TimeStampOrigen>2024-02-07T14:48:29.887</TimeStampOrigen>
<MsisdnAmpliado>
<Msisdn>685236416</Msisdn>
</MsisdnAmpliado>
<IntervaloFechas>
<FechaInicio>20240207</FechaInicio>
<FechaFin>20240207</FechaFin>
</IntervaloFechas>
<Sistema>
<Sistema>IVR</Sistema>
</Sistema>
<Flag>
<Flag>N</Flag>
</Flag>
<Promocion>
<IdCatalogoCRM>4016</IdCatalogoCRM>
</Promocion>
</ns0:C__03030__Peticion>
Any ideas?
Regards