Not able to filter from filebeat

surya1 · January 20, 2020, 3:49pm

Hi ,

I have a log a file that has 10-12 lines per paragraph and this same pattern repeats.

From this log file I need to select only 4-5 lines . Tried to use include lines but in elastic search i am not getting these as a single filtered message. instead it is coming as multiple messages.

Eg:

This is my line#1
This is my line#2
Yes line number3
..
..
This is my lastline.

Here I have to get only line number 3 and the last line. Added include lines with corresponding regular expressions and it is working. But the issue is elastic search shows "Yes line number3" and "This is my lastline." as two separate lines/indexes. How can I get it as a single message like:

"Yes line number3
This is my lastline."

jsoriano · January 20, 2020, 4:45pm

Hi @surya1 and welcome to discuss!

Did you try multiline options? Though I am afraid that it won't work in your case, because you need first to filter-out lines with include_lines/exclude_lines, and then join lines. But multiline rules are applied before filtering.

system · February 17, 2020, 4:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.