I'm sending logs to a remote server via filebeat. Currently, each line of log is sent separately as a document. I want to send filebeat to send the log as one document till the loglevel of the next log is found. It is easily achievable in logstash but since filbeat only takes regex patterns. I found this regex "/(?:DEBUG|INFO|ERROR|WARN)[\s\S]+?(?=DEBUG|INFO|WARN|ERROR)/gm" but it gives me parse error.
Hi @saramali,
We offer a way to test multiline patterns beforehand, have a look to https://www.elastic.co/guide/en/beats/filebeat/6.2/_test_your_regexp_pattern_for_multiline.html
You can iterate over your regexp pattern until you find a match
Best regards
Thank you for replying.
I'm certain this regex works. I have tested it. It is something related to perl regex.
I seem to have escape characters in the regex string and when I use \ to escape them, the regex functionality breaks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.