My multiline input codec is broken

ibrahimsharaf · April 12, 2017, 5:21pm

Hello I am using a multiline input codec to merge all the lines starting with either a whitespace or {' with the previous one, here's a snippet of my log file (http://codepad.org/vAMFhhR2), I want this snippet to be parsed as a single event.

here's my input section:

input {
    tcp {
        port => 5000
        codec => multiline {
            pattern => "^(\s|{')"
            what => "previous"
        }
    }
}

the codec processes the log above into 2 separate events (http://codepad.org/gNGvbi4j), (http://codepad.org/qvRjg925).

Can you point me to the problem?

ibrahimsharaf · April 12, 2017, 5:27pm

Another idea would be merging all the lines that don't start with a timestamp into the pervious line that has a timestamp, but I'm not sure how to code it.

system · May 10, 2017, 5:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Hello! I want to use multiline codec patterns in my use case.. Here I want to read the multiple lines as one event Logstash	2	228	September 13, 2019
I am using Multiline codec input plugin but the events which are not matching with my PATTERN it also processing those Events Logstash	2	120	September 21, 2023
Using multiline codec for python stacktrace Logstash	11	1126	October 5, 2019
Codec Multiline is not working for Kafka input plugin as expected Logstash	1	222	July 28, 2022
Multiline codec with file input Logstash	5	393	June 21, 2018

My multiline input codec is broken

Related topics