Need to parse alert logs

Hi All,

I am new to ELK. I am trying to parse the below log file:

Logfile Body:

Tue Oct 18 18:04:01 2016
MMNL started with pid=20, OS id=5484
Tue Oct 18 18:04:01 2016
starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'...
starting up 1 shared server(s) ...
ORACLE_BASE from environment = C:\app\dadak
Tue Oct 18 18:04:02 2016
ALTER DATABASE MOUNT
Tue Oct 18 18:04:08 2016
Using default pga_aggregate_limit of 2048 MB

What I am trying to do is to split the kibana messages from one Timestamp to another.

Expected Result will be:

Message 1:
Tue Oct 18 18:04:01 2016
MMNL started with pid=20, OS id=5484

Message 2:
Tue Oct 18 18:04:01 2016
starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'...
starting up 1 shared server(s) ...
ORACLE_BASE from environment = C:\app\dadak

Message 3:
Tue Oct 18 18:04:02 2016
ALTER DATABASE MOUNT

Message 4:
Tue Oct 18 18:04:08 2016
Using default pga_aggregate_limit of 2048 MB

Can you let me know what kind of multiline pattern I should use??

Thanks in advance...

Debashis

Your logs always start with a timestamp. A regex like '^.{3} .{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}' should match the timestamp. Check out the multiline docs, which show you examples of how to configure and test multiline.
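The grouping rule the reply describes, written out as an added example so it can be tested offline before touching a Filebeat or Logstash config (this is not code from the thread or from Elastic). It runs the reply's pattern over the alert-log excerpt from the question, embedded here as a constructed sample, and also shows a stricter pattern (an assumption, not from the thread) that only accepts real weekday and month names and nothing after the year, so an ordinary log line that happens to begin with two three-letter words and some digits cannot be mistaken for an event boundary.

```python
import re

# Constructed sample: the alert-log excerpt from the question, embedded inline.
SAMPLE_LOG = """\
Tue Oct 18 18:04:01 2016
MMNL started with pid=20, OS id=5484
Tue Oct 18 18:04:01 2016
starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'...
starting up 1 shared server(s) ...
ORACLE_BASE from environment = C:\\app\\dadak
Tue Oct 18 18:04:02 2016
ALTER DATABASE MOUNT
Tue Oct 18 18:04:08 2016
Using default pga_aggregate_limit of 2048 MB
"""

# The pattern suggested in the reply: any 3 chars, any 3 chars, DD HH:MM:SS YYYY.
LOOSE_TIMESTAMP = re.compile(r'^.{3} .{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}')

# Stricter variant (an assumption, not from the thread): real day and month
# names only, and the line must end right after the year.
STRICT_TIMESTAMP = re.compile(
    r'^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) '
    r'(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) '
    r'\d{2} \d{2}:\d{2}:\d{2} \d{4}$'
)


def group_events(lines, header=STRICT_TIMESTAMP):
    """Join lines into events, starting a new event at every timestamp line.

    Same semantics as Filebeat multiline with negate: true and match: after:
    a line that does NOT match the header pattern is appended to the event
    that the most recent matching line started. Lines seen before the first
    timestamp are kept as an event of their own rather than silently dropped.
    """
    events = []
    current = []
    for line in lines:
        line = line.rstrip('\r\n')
        if header.match(line):
            if current:
                events.append('\n'.join(current))
            current = [line]
        else:
            current.append(line)
    if current:
        events.append('\n'.join(current))
    return events


def split_alert_log(text, header=STRICT_TIMESTAMP):
    """Split a whole alert-log body into one string per timestamped event."""
    return group_events(text.splitlines(), header)


if __name__ == '__main__':
    for n, event in enumerate(split_alert_log(SAMPLE_LOG), 1):
        print(f'Message {n}:\n{event}\n')
```

On the sample, both patterns yield the same four messages, matching the expected result in the question. The equivalent shipper settings are multiline.pattern, multiline.negate: true and multiline.match: after in Filebeat, or pattern, negate => true and what => "previous" in the Logstash multiline codec. Before reusing either pattern, check the first line of your own alert log: newer Oracle releases write the timestamp in an ISO 8601 style (for example 2016-10-18T18:04:01.000000+00:00), which neither pattern above will match, so every line would be glued into one ever-growing event.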
