```
multiline.pattern: '^<Entry|^=[a-z]'
multiline.negate: false
multiline.match: after
```
My logstash.conf:

```
input {
  beats {
    port => 5044
  }
}
filter {
  xml {
    # Parse the XML carried in the event's message field into "doc"
    source => "message"
    store_xml => true
    target => "doc"
    # Attribute steps need a "/" before "@value" to be valid XPath
    xpath => ["/Eventlog[@name='ThreadId']/@value", "ThreadId",
              "/Eventlog[@name='Thread']/@value", "Thread",
              "/Eventlog[@name='Secs']/@value", "Seconds",
              "/Eventlog/Entry/text()", "details"
             ]
  }
}
```
Now my question is: I was able to get every line of the above XML in its own message, but I'm unable to get all the log lines in a single message.

Can anyone assist?

Thanks
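
Added example (not part of the original post, and not Filebeat's own code): a small Python model of how Filebeat's documented `multiline.pattern`, `multiline.negate` and `multiline.match` options group lines, covering all four negate/match combinations rather than only the posted one. The sample XML lines and the `^<Eventlog` alternative pattern are constructed assumptions, since the poster's actual file is not shown here.

```python
import re

def group_multiline(lines, pattern, negate=False, match="after"):
    """Group lines into events following Filebeat's documented multiline rules."""
    rx = re.compile(pattern)
    events, buf = [], []
    for line in lines:
        # A line is a continuation when it matches (or, with negate, does not).
        cont = bool(rx.search(line)) != negate
        if match == "after":
            # Continuations join the open event; any other line starts a new one.
            if buf and not cont:
                events.append("\n".join(buf))
                buf = []
            buf.append(line)
        elif match == "before":
            # Continuations are held until the next non-continuation closes the event.
            buf.append(line)
            if not cont:
                events.append("\n".join(buf))
                buf = []
        else:
            raise ValueError("match must be 'after' or 'before'")
    if buf:
        events.append("\n".join(buf))
    return events

# Constructed sample input (assumption: one <Eventlog> document per record).
SAMPLE = [
    "<Eventlog>",
    '<Entry name="ThreadId" value="12"/>',
    '<Entry name="Secs" value="3"/>',
    "</Eventlog>",
    "<Eventlog>",
    '<Entry name="ThreadId" value="13"/>',
    "</Eventlog>",
]

# Settings as posted above.
POSTED = dict(pattern=r"^<Entry|^=[a-z]", negate=False, match="after")
# Hypothetical alternative: every line that does not open a record is a continuation.
ALTERNATIVE = dict(pattern=r"^<Eventlog", negate=True, match="after")

if __name__ == "__main__":
    for name, opts in (("posted", POSTED), ("alternative", ALTERNATIVE)):
        events = group_multiline(SAMPLE, **opts)
        print(f"{name}: {len(events)} event(s)")
        for event in events:
            print("  " + repr(event))
```

The model ignores Filebeat's `multiline.max_lines` and `multiline.timeout` limits, which can also split a long record into several events.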