Dear Team,
Greetings. I'm new to Elastic/File beat.
I'm trying to read a log in the following pattern:
[2019-08-18 19:g19:50,787]-[NhdQWhb_Z3arvCz4zWh3hEo:1353000:10.142.125.44]-
POST /ncs/anc/ANC2250S.do METHOD=next
Operation :SUCCESSFUL
Returning forward to :/WEB-INF/pages/anc/ListAnnouncement.jsp
[2019-08-18 19:g19:58,388]-[NhdQWhb_Z3arvCz4zWh3hEo:1353000:10.142.125.44]-
POST /ncs/anc/ANC2250S.do METHOD=next
Operation :SUCCESSFUL
Returning forward to :/WEB-INF/pages/anc/ListAnnouncement.jsp
[2019-08-18 19:g20:04,421]-[NhdQWhb_Z3arvCz4zWh3hEo:1353000:10.142.125.44]-
POST /ncs/anc/ANC2250S.do METHOD=next
Operation :SUCCESSFUL
Returning forward to :/WEB-INF/pages/anc/ListAnnouncement.jsp
[2019-08-18 19:g20:12,536]-[NhdQWhb_Z3arvCz4zWh3hEo:1353000:10.142.125.44]-
POST /ncs/anc/ANC2250S.do METHOD=next
Operation :SUCCESSFUL
Returning forward to :/WEB-INF/pages/anc/ListAnnouncement.jsp
[2019-08-18 19:g20:22,331]-[NhdQWhb_Z3arvCz4zWh3hEo:1353000:10.142.125.44]-
POST /ncs/anc/ANC2250S.do METHOD=next
Operation :SUCCESSFUL
Returning forward to :/WEB-INF/pages/anc/ListAnnouncement.jsp
Having this config in filebeat.yml, can someone help to identify guide if any issue, as every single line capturing as seperate record and not as expected as single record until the next timeline.
filebeat.inputs:
- type: log
enabled: true
paths:- '/APP/PSS/Elastic/filebeat-7.2.1-linux-x86_64/UserActivity.log'
- '/APP/UAT2/prd/bancs/bancshome/logs/NCSOnline.log'
- '/prd/bancs/bancshome/logs/UserActivity.log'
#============================= Filebeat modules ===============================
filebeat.config.modules:
path: 'C:\Program Files\Filebeat\modules.d*.yml'
path: 'I:\ELK\filebeat\filebeat-7.2.0-windows-x86\modules.d*.yml'
reload.enabled: true
reload.period: 60s
multiline.pattern: '^[[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: false
multiline.match: after
#multiline.flush_pattern: 'Returning forward to :'
#==================== Elasticsearch template setting ==========================