We are new to Elastic. We are using the Elastic Agent and are using Fleet management. We have a number of log events coming in as separate documents. We are interested in setting up multiline parsing.
However, this document discusses updating the filebeat.yml file. We are not using Filebeat directly. I'm wondering how to set up multiline parsing with the Elastic Agent and Fleet setup. Does anyone have any thoughts?
You need to use the Custom Log Integration. While configuring this integration in Fleet, you have an option to provide some YAML config; then you can use the multiline configuration described in the Filebeat documentation.
Unfortunately, the documentation for Elastic Agent is not that good; there are a lot of things missing and basically it has zero examples. But since Elastic Agent will run a Filebeat instance under the hood, almost everything you can do with Filebeat you can also do with Elastic Agent.
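
An added example, not from the posts above or from Elastic's own material: a snippet for the integration's YAML config field, using the multiline options of the Filebeat log input. The bracketed-timestamp pattern and the sample lines are assumptions to adapt to your own log format.

```yaml
# Added example: YAML for the custom configuration field of the
# Custom Logs integration policy in Fleet (log-input based).
# Constructed sample this pattern is written for:
#   [2024-05-01 10:15:02] ERROR Unhandled exception
#   java.lang.IllegalStateException: boom
#       at com.example.App.main(App.java:12)
#   [2024-05-01 10:15:03] INFO Recovered
# Sample lines 1-3 become one document; line 4 starts the next.
multiline.type: pattern
multiline.pattern: '^\['      # assumed: every event starts with "["
multiline.negate: true        # act on lines that do NOT match the pattern
multiline.match: after        # append them to the preceding matching line
multiline.max_lines: 500      # Filebeat default; lines beyond this are discarded
multiline.timeout: 5s         # Filebeat default; flush a pending event after this

# If the integration is backed by the filestream input instead, the same
# options go under a parser:
# parsers:
#   - multiline:
#       type: pattern
#       pattern: '^\['
#       negate: true
#       match: after
```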