Multiline example simulation issue

Hi

I tried simulating the multiline example given at link:

Below are my filebeat.yml details.

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

#- input_type: log

- input_type: log 
  paths:
    - C:\ELK\*.log
  
  
  

multiline.pattern: '^[[:space:]]'
multiline.negate: false
multiline.match: after

But when I run and view the logs, the logs are coming in separate lines instead of single line. Can anyone please help. Below is the log that we are using:

Exception in thread "main" java.lang.NullPointerException
at com.example.myproject.Book.getTitle(Book.java:16)
at com.example.myproject.Author.getBookTitles(Author.java:25)
at com.example.myproject.Bootstrap.main(Bootstrap.java:14)

Can anyone please help.

Thanks

The multline configuration options need to be part of the prospector configuration (since these are not global options). So they should be indented at the same level as input_type and paths. For example:

--- 
filebeat.prospectors: 
  - 
    input_type: log
    multiline.match: after
    multiline.negate: false
    multiline.pattern: "^[[:space:]]"
    paths: 
      - "C:\\ELK\\*.log"

Thanks Andrew for your help.

My problem is not 100% resolved as the logs with multiline are now captured with enter key.

I am not sure how can I read enter key line break in logstash.

Can you please provide some inputs on this issue as well.

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.