Multline in filebeat

Ganesh2303 · August 4, 2016, 10:57am

HI,
I'm just trying to split events from my log by using of multline concept. I have given my pattern to split the events but is failed to split and capturing entire data into single event in elasticsearch. Please find my pattern and input,

multiline:
pattern: "\d{4}-\d{2}"
negate: true
match: before

2016-08-03 16:17:04,350 [171] [hi
]
2016-08-03 16:17:04,350 [171] [hi
]
2016-08-03 16:17:04,350 [171] [hi
]

andrewkroh · August 4, 2016, 3:22pm

Try this:

    multiline:
      pattern: '\d{4}-\d{2}'
      negate:  true
      match:   after

system · August 25, 2016, 10:57am

This topic was automatically closed after 21 days. New replies are no longer allowed.