Hi, I have an issue with multiplying info about an error message.
This is a filter which works (I guess it works correctly, because all errors and warnings were caught properly):
filter {
  grok {
    match => { "message" => '%{NUMBER:thread}\t.+[^\s]\s\t%{LOGLEVEL:loglevel}\t%{TIMESTAMP_ISO8601:timestamp}\t%{DATA:text}n?(?m)(?(^\s+.+))' }
  }
}
When the system notices an error/warning etc., Kibana shows me more than 1 warning in the Discover view (an info message which is exactly the same as the previous one) that something went wrong.
Do you know what kind of issue it can be?