Multiple patterns for Multiline Configuration?

TimTim · October 15, 2015, 11:07am

I am wondering if it is possible to have mulitple patterns in the multiline configuration or Logstash (running 1.4.5 at the moment)?

The reason is that we have several log files coming in that we want to go to the same output (Elasticsearch). But:

those logfiles have different syntaxes
all come from the same machine
input is set with tcp { ... } and use the same port

The online help doesn't mention anything about this ....

Or is there another way to catch the different logs at input so I can add a field or tag to be able to handle them during filter ???

warkolm · October 16, 2015, 6:14am

I don't think so.

Are the two different multiline events the same general pattern, eg same type/pattern/what? If so you could just grab each multiline event and then run separate groks on them?

TimTim · October 16, 2015, 7:06am

They have different patterns, which is my big problem.

But I solved it by sending them through another port. Then I can add a tag or field during input. Add the same "type" to them, but in the "filter" I can use if statements now based on the added tag/field and apply the different multiline patterns.
All goes to the same output now as I want.

Topic		Replies	Views
Want to match against single grok pattern and multiple patterns in same filter Logstash	1	257	September 23, 2020
Multiple Grok pattern filters arent filtering multiple logs in one logstash file Logstash	8	3579	February 13, 2020
Logstash: configure multiline configuration for specific type of logs only Logstash	6	41	August 9, 2024
Logstash multiline pattern not working Logstash	3	373	June 9, 2021
Logstash grok multiple pattern , multi-line Logstash	2	300	March 19, 2021

Multiple patterns for Multiline Configuration?

Related Topics