Multiline support in logstash

HI,
Is it possible to send log4j multi-line logs as single event from logstash without filebeat? I tried the following multiline codec in logstash conf file and no luck

input {
file {
path => "/var/log/mylog.log"
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601} "
negate => true
what => previous
}
}
}
and my logs look like below

2018-04-30 13:56:36.568|I|LAPTOP-S488JKMQ|PID|28D4B93014229C40492D55949BF6F77C|a1be60ad-e7ba-4831-bbdd-6fdfb3c6a502|9be580f4|org.apache.cxf.interceptor.AbstractLoggingInterceptor:253|Outbound Message

ID: 1
Response-Code: 500
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 30 Apr 2018 08:26:36 GMT]}
Payload: The request failed due to an internal error.

2018-04-30 13:56:41.452|I|LAPTOP-S488JKMQ|PID|28D4B93014229C40492D55949BF6F77C|366eac6c-60cd-4948-b827-469451600c19|9be580f5|org.apache.cxf.interceptor.AbstractLoggingInterceptor:253|Inbound Message

Thanks in advance,
Sonu

It doesn't look like there should be a space after the timestamp.

Thanks Magnus for the reply.

I tried without space also. But no luck.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.