Multiple patterns for Multiline Configuration?

TimTim · October 15, 2015, 11:07am

I am wondering if it is possible to have mulitple patterns in the multiline configuration or Logstash (running 1.4.5 at the moment)?

The reason is that we have several log files coming in that we want to go to the same output (Elasticsearch). But:

those logfiles have different syntaxes
all come from the same machine
input is set with tcp { ... } and use the same port

The online help doesn't mention anything about this ....

Or is there another way to catch the different logs at input so I can add a field or tag to be able to handle them during filter ???

warkolm · October 16, 2015, 6:14am

I don't think so.

Are the two different multiline events the same general pattern, eg same type/pattern/what? If so you could just grab each multiline event and then run separate groks on them?

TimTim · October 16, 2015, 7:06am

They have different patterns, which is my big problem.

But I solved it by sending them through another port. Then I can add a tag or field during input. Add the same "type" to them, but in the "filter" I can use if statements now based on the added tag/field and apply the different multiline patterns.
All goes to the same output now as I want.

Topic		Replies	Views
Solution for multiple patterns for multiline configuration Logstash	3	5917	July 6, 2017
[Need Help] Multiple pattern in one log file Logstash	5	1632	July 6, 2017
Want to match against single grok pattern and multiple patterns in same filter Logstash	1	257	September 23, 2020
Log event with multi-line Logstash	5	461	March 26, 2018
Using input field for pattern matching Logstash	2	424	July 6, 2017

Multiple patterns for Multiline Configuration?

Related topics