Hi everyone,
I am using filebeats to forward mysql logs to logstash , and it breaks the query to different lines. I want the complete query as a single entry unlike a single line the way logstash does.
What filter should be used ? I tried using multiline but didn't work.
A multiline filter or codec will work, but I strongly suggest that you use the newly introduced multiline feature in Filebeat. Joining lines that make up multiline messages should be done as close to the source as possible.
If you want more specific help you need to be more specific. What does the logs look like, what configuration have you tried, etc.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.