My current Filebeat configuration is:
But it keeps combining all of them together:
As you can see my pattern consists of one letter and numbers:
2017-07-28T03:33:19.676-0500
Does anyone know what multiline.pattern would work best in this case?
Have you tested your pattern as described here?
Please do not post screenshots when it's possible to copy and paste the content. (It makes more work for anyone that wishes to help by testing your pattern against the logs.)
I have not thank you for that information, I will give that a try.
Sorry for the screen shot here is the text for my screen shots:
filebeat.prospectors:
- input_type: log
paths:
- c:\hoppr\Logs\hoppr.mongosa.27017\mongod.log
multiline.pattern: '^\[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
fields_under_root: true
fields:
type: mongodb
output.elasticsearch:
hosts: ["http://172.19.90.87:9200"]
index: hoppr-mongodb-%{+yyyy.MM.dd}
2017-06-19T02:58:46.558-0500 I NETWORK [initandlisten] waiting for connections on port 27017
2017-06-19T02:59:03.243-0500 I NETWORK [initandlisten] connection accepted from 127.0.0.1:49847 #1 (1 connection now open)
2017-06-19T02:59:03.980-0500 I NETWORK [initandlisten] connection accepted from 127.0.0.1:49850 #2 (2 connections now open)
2017-06-19T02:59:09.023-0500 I NETWORK [initandlisten] connection accepted from 127.0.0.1:49851 #3 (3 connections now open)
Try modifying your pattern to ^[0-9]{4}-[0-9]{2}-[0-9]{2} (remove the escaping from the first bracket).
Andrew that worked, thank you, it is matching correctly now.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.