Multiline doesn't read last line

bertvervaele · March 30, 2017, 8:18am

I know this is a known problem but I can't find I there is already a solution to it.
So I want to read the oracle log file. This looks like this:

Sat Apr 09 10:13:17 2016
Archived Log entry 24018 added for thread 1 sequence 24444 ID 0xa5d45fc6 dest 1:
Sat Apr 09 10:18:05 2016
Completed checkpoint up to RBA [0x5f7d.2.10], SCN: 5443782313
Sat Apr 09 10:23:35 2016
Beginning log switch checkpoint up to RBA [0x5f7e.2.10], SCN: 5443860599
Thread 1 advanced to log sequence 24446 (LGWR switch)
  Current log# 2 seq# 24446 mem# 0: /oracle/PER/origlogB/log_g12m1.dbf
  Current log# 2 seq# 24446 mem# 1: /oracle/PER/mirrlogB/log_g12m2.dbf

my code:

input {
    file {
        path => "/oracle/FDG/saptrace/diag/rdbms/fdg/FDG/trace/alert_FDG.log"
        codec => multiline {
            pattern => "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
            negate => true
            what => "previous"
        }
    }
}

So the amount of lines is not always the same.
Is there another way to read the last line(s)?

warkolm · March 30, 2017, 8:36am

https://www.elastic.co/guide/en/logstash/current/plugins-codecs-multiline.html#plugins-codecs-multiline-auto_flush_interval might be what you want.

bertvervaele · March 30, 2017, 8:43am

Thank you for the quick answer.
auto_flush_interval was indeed what I needed

system · April 27, 2017, 8:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Does Not Read In Last Line of Log Logstash	16	9409	July 6, 2017
Logstash multiline codec do not read all lines Logstash	3	222	September 30, 2022
Logstash multiline codec ignores last line of log file Logstash	1	225	September 10, 2021
File input not reading last line (Logstash) Logstash	1	439	January 8, 2020
Config file for multiple multi-line patterns? Logstash	9	2279	June 24, 2021

Multiline doesn't read last line

Related Topics