No output when using multiline codec from stdin

Elastic Stack Logstash
1

I have recently started using logstash and am trying to build a sandbox environment to test different parsing.

I have built a test.config file using stdin and cat a data file through it to get stdout display of outcome. Using the same data file I get output (although not knowing of multiline) when input codec of multline is removed and I get no output when it is in config.

Config file
input { stdin { codec => multiline { pattern => "^%{TIMESTAMP_ISO8601} " negate => "true" what => "previous" } } }

output { stdout { codec => rubydebug } }

filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:sourceTimestamp} [%{NUMBER:threadId}] %{LOGLEVEL:level} %{GREEDYDATA:tempMessage}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "sourceTimestamp", "yyyy-MM-dd HH:mm:ss,SSS" ]
}
if [source] =~ /core1ui1/ or [source] =~ /core1ui2/ {
mutate {
add_tag => [ "WebService" ]
}
}
}

Data being cat'ed into logstash.
2017-02-01 08:00:00,114 [126925] DEBUG FixedSqlMembershipProvider - Executing command: Type=StoredProcedure
-- begin statement parameters

2

Can you try removing the double quotes from negate line in multiline filter ie., negate => true

3

That was originally how I had it and it didn't work, so I searched a few suggestions that said quotes might fix it. With or without double quotes, still no output.
thanks for the suggestion .

4

Can you send the sample log file if possible.

5

2017-02-01 08:00:00,114 [126925] DEBUG FixedSqlMembershipProvider - Executing command: Type=StoredProcedure
-- begin statement parameters

6

Your .conf file is proper, I guess for testing purpose you are using only one entry in the log file try it with multiple entries, you will be able to see the output on stdout.

7

Thanks sayalee, you are correct. Although my original test was 2 log lines, it was 1 multi line and I assumed EOF would trigger output. Adding a dummy line in that closed the multi line triggered output of first occurrence.

thanks again