I am trying to group Error logs which having stacktrace information using multiline filter. Not sure how to set pattern correctly. Kindly help me to config the correct pattern.
This is my logging pattern,
INFO | 2023-04-10 16:49:07, 721 | DI.Jobs.TcpListenerProcess | TcpListenerProcess | EstablishConnection | 0 | Establishing Connection - RemoteIP- ;Port-
ERROR | 2023-04-10 16:49:07, 703 | DI.Jobs.TcpListenerProcessBiDirection | TcpListenerProcessBiDirection | EstablishConnection | 0 | Server Port : | Client IP : | Error in EstablishConnection|System.Net.Sockets.SocketException (0x80004005): The requested address is not valid in its context
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at DI.Jobs.TcpListenerProcessBiDirection.EstablishConnection(String RemoteIP, Int32 RemotePort, General oGeneral, ILog LoggerObject)
INFO | 2023-04-10 16:49:07, 745 | DI.Helper.Common.AuditHelper+<>c__DisplayClass0_0 | AuditHelper+<>c__DisplayClass0_0 | <ConnectivityAudit>b__0 | 0 | Sending Connectivity Audit | JOB ID :54602046-5eed-47ca-827a-c1091f1ada92,job | Connectivity Status : False
INFO | 2023-04-10 16:49:07, 746 | Server.Jobs.Integration | Integration | Execute | 0 | String[] {}
ERROR | 2023-04-10 16:49:07, 744 | DI.Jobs.TcpListenerProcess | TcpListenerProcess | EstablishConnection | 0 | Job ID :5b2b328c-d988-4e95-9e49-78b99db6cbfc,jobServer Port : | Client IP : | Error in EstablishConnection|System.Net.Sockets.SocketException (0x80004005): The requested address is not valid in its context
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at DI.Jobs.TcpListenerProcess.EstablishConnection(String RemoteIP, Int32 RemotePort, General oGeneral, ILog LoggerObject)
INFO | 2023-04-10 16:49:07, 755 | DI.Jobs.TcpListenerProcess | TcpListenerProcess | EstablishConnection | 0 | Establishing Connection - RemoteIP- ;Port-
ERROR | 2023-04-10 16:49:07, 757 | DI.Jobs.TcpListenerProcess | TcpListenerProcess | EstablishConnection | 0 | Job ID :27eebba8-ed26-4822-a6d9-a98aa81dff22,jobServer Port : | Client IP : | Error in EstablishConnection|System.Net.Sockets.SocketException (0x80004005): The requested address is not valid in its context
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at DI.Jobs.TcpListenerProcess.EstablishConnection(String RemoteIP, Int32 RemotePort, General oGeneral, ILog LoggerObject)
ERROR | 2023-04-10 16:49:07, 756 | DI.Jobs.TcpListenerProcess | TcpListenerProcess | StartProcess | 0 | System.IO.IOException: The process cannot access the file 'C:\ProgramData\Application\TempFiles\connectivity.json' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.StreamWriter.CreateFile(String path, Boolean append, Boolean checkHost)
at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize, Boolean checkHost)
at System.IO.File.InternalWriteAllText(String path, String contents, Encoding encoding, Boolean checkHost)
at Monitor.Engine.Utility.JobConnectivityLogger.JobConnectivityAuditer(String JobID, Boolean connectivityStatus)
at DI.Jobs.TcpListenerProcess.EstablishConnection(String RemoteIP, Int32 RemotePort, General oGeneral, ILog LoggerObject)
at DI.Jobs.TcpListenerProcess.StartProcess(String RemoteIP, String LocalIP, Int32 LocalPort, Int32 RemotePort, MachineConfiguration oMachineConfiguration, ILog LoggerObject)
INFO | 2023-04-10 16:49:07, 763 | Server.Jobs.Integration | Integration | Execute | 0 | String[] {FWC-3 | Exiting}
INFO | 2023-04-10 16:49:07, 752 | DI.Helper.Common.AuditHelper+<>c__DisplayClass0_0 | AuditHelper+<>c__DisplayClass0_0 | <ConnectivityAudit>b__0 | 0 | Sending Connectivity Audit | JOB ID :5b2b328c-d988-4e95-9e49-78b99db6cbfc,job | Connectivity Status : False
There are total of 10 log entries, but while filtering I am getting only 2 log entries.
This is my logstash config for multiline filter,
multiline {
pattern => "(^.+Exception: .+)|(^s+at .+)"
what => "previous"
negate => "true"
}
Logstash Output to ES
Kindly suggest me to separate, each log-level as separate entries in Elasticsearch.