I want to grep the multiline entries from the logs, and I am using the multiline codec in my config file. Below are the sample pattern and config file.
Sample logs:
--------------------------------------
17 Jul 2019 00:15:00,403 | INFO | Thread-186940 | net.sf.json.xml.XMLSerializer 736 | 1050 - hermes.NMX_AlarmInfo_GetKPI - 1.2.0 | Using default type string
17 Jul 2019 00:15:00,404 | INFO | 970074601-766148 | eptor.AbstractLoggingInterceptor 276 | 38 - org.apache.cxf.cxf-core - 3.2.4 | Outbound Message
---------------------------
ID: 714439
Response-Code: 200
Content-Type: application/xml
Headers: {Content-Type=[application/xml], Date=[Tue, 16 Jul 2019 23:15:00 GMT]}
Payload: [{"period_start_time":"2019-07-07 16:00:00","rnc":"236","site_id":"42596","cell_id":"42596E6","kpi_value":"0.00000000000000000000"},{"period_start_time":"2019-07-07
--------------------------------------
In the above logs, I want to grep everything except the line below.
"17 Jul 2019 00:15:00,403 | INFO | Thread-186940 | net.sf.json.xml.XMLSerializer 736 | 1050 - hermes.NMX_AlarmInfo_GetKPI - 1.2.0 | Using default type string"
That means I need to grep the lines that have Inbound/Outbound Message as the starting pattern and end with the payload.
Can anyone help with this: how do I skip the first line?
My config file:
input {
  file {
    path => "/etc/logstash/ESB1_Request_Response.log"
    sincedb_path => "/dev/null"
    start_position => "beginning"
    # Lines that do NOT match the dash separator are appended to the previous line
    codec => multiline {
      pattern => "--------------------------------------"
      negate => true
      what => "previous"
    }
  }
}
filter {
  # Strip the separator lines and newlines from the joined event
  mutate {
    gsub => [
      "message", "--------------------------------------\n", "",
      "message", "---------------------------\n", "",
      "message", '\n', "",
      "message", '\n', "",
      "message", '-ID:',"ID:"
    ]
  }
}
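
One way to get the behaviour asked for above, as an added example that is not part of the original post: start a new event at every timestamped line instead of at the dash separator, then drop events whose first line is not an Inbound/Outbound Message header. It assumes every log record begins with a timestamp in the format shown in the sample; the `stdout` output is only there for inspection.

```logstash
input {
  file {
    path => "/etc/logstash/ESB1_Request_Response.log"
    sincedb_path => "/dev/null"
    start_position => "beginning"
    codec => multiline {
      # Assumption: every record starts like "17 Jul 2019 00:15:00,403 | ".
      # Any line that does not start with a timestamp (the dash separators,
      # ID:, Response-Code:, Headers:, Payload: ...) is glued to the
      # timestamped line before it.
      pattern => "^\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2},\d{3} \|"
      negate => true
      what => "previous"
      # Emit the last buffered event even if no further line arrives.
      auto_flush_interval => 2
    }
  }
}

filter {
  # Single-line records such as "... | Using default type string" are now
  # their own events. Keep only events whose FIRST line ends with
  # "| Inbound Message" or "| Outbound Message"; drop everything else.
  if [message] !~ /\A[^\n]*\| (Inbound|Outbound) Message\s*$/ {
    drop { }
  }

  # Remove the dash separator lines (27 and 38 dashes in the sample),
  # leaving the header line followed by ID ... Payload.
  mutate {
    gsub => [ "message", "\n-{20,}", "" ]
  }
}

output {
  stdout { codec => rubydebug }
}
```

Anchoring the event boundary on the timestamp also keeps a payload that happens to contain a run of dashes from splitting an event.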