Multiline example simulation issue

Vivek_Sharma · August 17, 2017, 3:45pm

Hi

I tried simulating the multiline example given at link:

Below are my filebeat.yml details.

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

#- input_type: log

- input_type: log 
  paths:
    - C:\ELK\*.log
  
  
  

multiline.pattern: '^[[:space:]]'
multiline.negate: false
multiline.match: after

But when I run and view the logs, the logs are coming in separate lines instead of single line. Can anyone please help. Below is the log that we are using:

Exception in thread "main" java.lang.NullPointerException
at com.example.myproject.Book.getTitle(Book.java:16)
at com.example.myproject.Author.getBookTitles(Author.java:25)
at com.example.myproject.Bootstrap.main(Bootstrap.java:14)

Can anyone please help.

Thanks

andrewkroh · August 17, 2017, 10:03pm

The multline configuration options need to be part of the prospector configuration (since these are not global options). So they should be indented at the same level as input_type and paths. For example:

--- 
filebeat.prospectors: 
  - 
    input_type: log
    multiline.match: after
    multiline.negate: false
    multiline.pattern: "^[[:space:]]"
    paths: 
      - "C:\\ELK\\*.log"

Vivek_Sharma · August 18, 2017, 10:28am

Thanks Andrew for your help.

My problem is not 100% resolved as the logs with multiline are now captured with enter key.

I am not sure how can I read enter key line break in logstash.

Can you please provide some inputs on this issue as well.

Thanks

system · September 15, 2017, 10:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.