ODSEE 11g multiline log processing in Logstash 5.4


(Abhijitnt) #1

Hello All.
I am new to ELK and started learning by installing the latest ELK stack 5.4 on Linux. The setup is working fine and I am able to stash logs and search in Kibana, but I would like to structure the logs so they are more relevant and help me understand client behavior.
All the logs are from ODSEE 11g and come from 2 different components (directory server and directory proxy server).
To add more complexity, a single LDAP operation is logged as multiple lines. Sample LDAP search log here:

[12/May/2017:07:55:46 -0700] conn=22413302 op=-1 msgId=-1 - fd=215 slot=215 LDAP connection from 192.168.1.40:17314 to 192.168.1.66
[12/May/2017:07:55:46 -0700] conn=22413302 op=0 msgId=1 - BIND dn="uid=m34368,ou=dsame users,dc=example,dc=com" method=128 version=3
[12/May/2017:07:55:46 -0700] conn=22413302 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0.000320 dn="uid=m34368,c"
[12/May/2017:07:55:46 -0700] conn=22413302 op=1 msgId=2 - SRCH base="ou=people,dc=example,dc=com" scope=0 filter="(uid=at236b)" attrs="1.1"
[12/May/2017:07:55:46 -0700] conn=22413302 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0.000180
[12/May/2017:07:55:46 -0700] conn=22413302 op=2 msgId=3 - UNBIND
[12/May/2017:07:55:46 -0700] conn=22413302 op=2 msgId=-1 - closing from 192.168.1.40:17314 - U1 - Connection closed by unbind client -
[12/May/2017:07:55:46 -0700] conn=22413302 op=-1 msgId=-1 - closed.

Similarly we have LDAP add/modify/delete events which I want to query using Kibana to see LDAP performance and client behavior. As per Logstash I am supposed to use the multiline codec, but I am not able to find the correct grok filters to parse these correctly.
Can you please help me with setting up the correct grok filters and multiline codec usage.
Any help is much appreciated.

Thanks
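Added example, not from this thread or from Elastic: a Python model of the grok pattern this access-log format needs, run over the lines quoted above as constructed input. Each physical line parses as a complete event on its own, and the "multi-line" LDAP operation is rebuilt afterwards by correlating on `conn=` and `op=` (in Logstash that correlation step is what an aggregate filter keyed on the connection id would do, rather than the multiline codec, which joins physical lines into one event). The field names (`conn`, `op`, `kind`, `optype`, `etime`), the `classify` rules and the flattened document shape are my assumptions, not an ODSEE or Logstash schema.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the access-log lines quoted in the post above.
SAMPLE_LOG = """\
[12/May/2017:07:55:46 -0700] conn=22413302 op=-1 msgId=-1 - fd=215 slot=215 LDAP connection from 192.168.1.40:17314 to 192.168.1.66
[12/May/2017:07:55:46 -0700] conn=22413302 op=0 msgId=1 - BIND dn="uid=m34368,ou=dsame users,dc=example,dc=com" method=128 version=3
[12/May/2017:07:55:46 -0700] conn=22413302 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0.000320 dn="uid=m34368,c"
[12/May/2017:07:55:46 -0700] conn=22413302 op=1 msgId=2 - SRCH base="ou=people,dc=example,dc=com" scope=0 filter="(uid=at236b)" attrs="1.1"
[12/May/2017:07:55:46 -0700] conn=22413302 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0.000180
[12/May/2017:07:55:46 -0700] conn=22413302 op=2 msgId=3 - UNBIND
[12/May/2017:07:55:46 -0700] conn=22413302 op=2 msgId=-1 - closing from 192.168.1.40:17314 - U1 - Connection closed by unbind client -
[12/May/2017:07:55:46 -0700] conn=22413302 op=-1 msgId=-1 - closed.
"""

# Python equivalent of the grok pattern (assumed field names):
#   \[%{HTTPDATE:timestamp}\] conn=%{INT:conn} op=%{INT:op} msgId=%{INT:msgid} - %{GREEDYDATA:message}
HEADER_RE = re.compile(
    r'^\[(?P<timestamp>[^\]]+)\] conn=(?P<conn>-?\d+) op=(?P<op>-?\d+) '
    r'msgId=(?P<msgid>-?\d+) - (?P<message>.*)$'
)
# key=value pairs in the message; quoted values may contain spaces, commas and '='.
KV_RE = re.compile(r'\b(?P<key>[A-Za-z_]+)=(?P<val>"[^"]*"|\S+)')
# Upper-case operation keyword that opens the message (BIND, SRCH, RESULT, UNBIND, ...).
OPTYPE_RE = re.compile(r'^(?P<optype>[A-Z]+)\b')
CONNECT_RE = re.compile(r'LDAP connection from (?P<client>\S+) to (?P<server>\S+)')


def classify(message):
    """Label a line as a connection event or by its LDAP operation keyword (assumed rules)."""
    if 'LDAP connection from' in message:
        return 'CONNECT'
    if message.startswith('closing from'):
        return 'CLOSING'
    if message == 'closed.':
        return 'CLOSED'
    m = OPTYPE_RE.match(message)
    return m.group('optype') if m else 'UNKNOWN'


def parse_line(line):
    """Parse one physical line into a dict, or return None when it does not match the header."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    ev = {
        'timestamp': datetime.strptime(m.group('timestamp'), '%d/%b/%Y:%H:%M:%S %z'),
        'conn': int(m.group('conn')),
        'op': int(m.group('op')),
        'msgid': int(m.group('msgid')),
        'message': m.group('message'),
    }
    ev['kind'] = classify(ev['message'])
    ev['fields'] = {k: v.strip('"') for k, v in KV_RE.findall(ev['message'])}
    return ev


def parse_log(text):
    """Parse every non-empty line; unparsed lines are dropped (Logstash would tag them _grokparsefailure)."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    return [ev for ev in events if ev is not None]


def correlate(events):
    """Group events by connection and pair each request (keyed on op) with its RESULT line."""
    conns = defaultdict(lambda: {'client': None, 'server': None, 'ops': {}, 'close_reason': None})
    for ev in events:
        c, kind = conns[ev['conn']], ev['kind']
        if kind == 'CONNECT':
            m = CONNECT_RE.search(ev['message'])
            if m:
                c['client'], c['server'] = m.group('client'), m.group('server')
        elif kind == 'CLOSING':
            c['close_reason'] = ev['message']
        elif kind == 'RESULT':
            rec = c['ops'].setdefault(ev['op'], {'optype': None, 'fields': {}})
            rec['err'] = int(ev['fields'].get('err', -1))
            rec['nentries'] = int(ev['fields'].get('nentries', 0))
            rec['etime'] = float(ev['fields'].get('etime', 'nan'))
        elif kind not in ('CLOSED', 'UNKNOWN'):
            rec = c['ops'].setdefault(ev['op'], {'optype': None, 'fields': {}})
            rec['optype'] = kind
            rec['fields'].update(ev['fields'])   # dn/method for BIND, base/scope/filter for SRCH, ...
            rec['timestamp'] = ev['timestamp']
    return dict(conns)


def operation_documents(conns):
    """Flatten to one document per LDAP operation, the shape you would index into Elasticsearch."""
    docs = []
    for conn_id, c in sorted(conns.items()):
        for op, rec in sorted(c['ops'].items()):
            doc = {'conn': conn_id, 'op': op, 'client': c['client'], 'optype': rec['optype']}
            doc.update(rec['fields'])
            doc.update({k: rec[k] for k in ('err', 'nentries', 'etime') if k in rec})
            docs.append(doc)
    return docs


if __name__ == '__main__':
    for doc in operation_documents(correlate(parse_log(SAMPLE_LOG))):
        print(doc)
```

Each flattened document carries the client address, bind DN, search base and filter, result code and `etime`, which is what a Kibana view of per-client bind failures or search latency is built on; the one-event-per-line grok stage stays stateless, and the connection-level join is a separate step.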


(Abhijitnt) #2

Any suggestion is welcome. Do share your ideas on the above.

Thanks.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.