I am unable to find any example or document giving example of it , this code is from 2.4 version , what would be the equivalent in 5.5 ? I have tried "codec => multiline" but it gives syntax error in the "filter" section , it does work though in the "input" section.
filter (
multiline {
pattern => "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
negate => true
what => “previous”
}
The multiline filter has been deprecated. Use the multiline codec instead. There's an example in the multiline codec documentation.
yes I read that document and its was not clear to me how to use the new method , Is the filteration part moved to the input section like below ?
input (
codec => multiline {
pattern => "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
negate => true
what => “previous”
}
Yes.
then can you please take a look at my other post since I did exactly that but its creating two indexes and also other issues I have pointed out in my post
https://discuss.elastic.co/t/logstash-5-5-1-index-creation-issue/96828
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.