Hi there,
I'm having a problem with matching the whole file. So basically I want to have the content of the whole file in my "message" field. So I'm trying to use multiline in the filter section. What pattern should I set? I tried pattern => "/.*./gm"
but it doesn't work in my case. I also tried a pattern that doesn't exist in the file, and still some input files get split into multiple messages.
I'm trying to input a regular nmap output file (the -oN option in nmap).
Below is the logstash conf file:
```
input {
  lumberjack {
    port => 5001
    type => "nmap-full"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
filter {
  if [type] == "nmap-full" {
    multiline {
      pattern => "/.*./gm"
      negate => true
      what => "previous"
      stream_identity => "%{host}.%{file}.%{type}"
    }
  }
}
output {
  # elasticsearch { hosts => "localhost"}
  stdout {
    codec => rubydebug
  }
}
```
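The following is an added example, not part of the original post and not Logstash's own code. It simulates the core decision the multiline filter makes for each line (does the line join the event being built, or start a new one) so the posted pattern can be compared with a pattern anchored on the first line of an nmap -oN file. Logstash hands `pattern` to Ruby's regexp engine as a plain string, so the `/` delimiters and `gm` flags of a JavaScript-style literal are treated as literal characters; the sample scan lines, the `HEADER_PATTERN` and the function names are constructed for this example. The filter's own `max_lines` and `max_age` limits, which also cut events, are deliberately not modelled.

```python
"""Simulation of the Logstash multiline filter's pattern / negate / what logic.

Added example (not the original post's code, not Logstash's code). The nmap
-oN lines below are constructed, not real scan output.
"""
import re

# Constructed sample: two nmap -oN (normal output) files arriving line by line.
SAMPLE_LINES = [
    "# Nmap 7.80 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -oN a.txt 10.0.0.5",
    "Nmap scan report for 10.0.0.5",
    "Host is up (0.0010s latency).",
    "PORT   STATE SERVICE",
    "22/tcp open  ssh",
    "# Nmap done at Mon Jan  1 10:00:05 2024 -- 1 IP address (1 host up) scanned in 5.01 seconds",
    "# Nmap 7.80 scan initiated Mon Jan  1 10:01:00 2024 as: nmap -oN b.txt 10.0.0.6",
    "Nmap scan report for 10.0.0.6",
    "Host is up (0.0020s latency).",
    "PORT   STATE SERVICE",
    "80/tcp open  http",
    "# Nmap done at Mon Jan  1 10:01:04 2024 -- 1 IP address (1 host up) scanned in 4.20 seconds",
]

POSTED_PATTERN = "/.*./gm"                     # the pattern from the post, taken literally
HEADER_PATTERN = r"^# Nmap .* scan initiated"  # assumed: first line of every -oN file


def multiline(lines, pattern, negate=False, what="previous"):
    """Group `lines` into events the way the multiline filter's core logic does.

    A line "matches" when the regex is found in it, inverted by `negate`.
    what="previous": a matching line is appended to the event being built;
                     a non-matching line closes that event and starts a new one.
    what="next":     a matching line is held and joined with the following line;
                     a non-matching line completes the event.
    The real filter additionally caps events at max_lines and flushes idle
    streams after max_age seconds; those limits are not modelled here.
    """
    regex = re.compile(pattern)
    events, buffer = [], []
    for line in lines:
        matched = (regex.search(line) is not None) != negate
        if what == "previous":
            if matched and buffer:
                buffer.append(line)
            else:
                if buffer:
                    events.append("\n".join(buffer))
                buffer = [line]
        elif what == "next":
            buffer.append(line)
            if not matched:
                events.append("\n".join(buffer))
                buffer = []
        else:
            raise ValueError("what must be 'previous' or 'next'")
    if buffer:
        events.append("\n".join(buffer))
    return events


def lines_matching(lines, pattern):
    """How many lines the raw (un-negated) pattern actually matches."""
    regex = re.compile(pattern)
    return sum(1 for line in lines if regex.search(line))


if __name__ == "__main__":
    # The posted pattern needs a literal "/gm" in the line, so it matches nothing;
    # with negate => true every line then "matches" and joins the previous one,
    # so there is never a boundary between two files.
    print("posted pattern matches", lines_matching(SAMPLE_LINES, POSTED_PATTERN), "lines")
    for name, pat in (("posted", POSTED_PATTERN), ("header", HEADER_PATTERN)):
        events = multiline(SAMPLE_LINES, pat, negate=True, what="previous")
        print(f"{name} pattern, negate=true, what=previous -> {len(events)} event(s)")
```

With the header-anchored pattern and `negate => true`, `what => "previous"`, only a line that is not the "# Nmap ... scan initiated" header is glued to the line before it, so each -oN file becomes exactly one event that runs from its header to its "# Nmap done" trailer. The same grouping can be expressed with `what => "next"` by anchoring on the trailer line instead.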