Hi, I am trying to parse logs with Logstash using Grok filters. Most of the logs are a single line but some have line breaks and spaces between them. Is there a way to get Logstash to recognize them as one log rather than ending the message at the line break? Thanks
You might want to look into why your logs are not clean lines. Maybe logrotate? Or the way you ship your logs?
Anyway, you could look into something like checking for "_grokparsefailure" in [tags], which will sort out the bad-looking logs.
Then you could use the Logstash mutate plugin.
With "strip" you could remove "\n" and look at how to handle whitespace with "gsub", but the impact on the log itself is hard to tell without any samples.
Can you provide some log samples and how you ship your logs, to better understand?
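A pipeline sketch of the approach discussed above, as an added example that is not part of the original posts. It assumes a hypothetical log path and that every log entry starts with an ISO8601 timestamp followed by a log level; the multiline codec on the input joins continuation lines into one event, and the filter cleans up and retries events the first grok could not match.

```conf
input {
  file {
    # Hypothetical path, replace with the real log location.
    path => "/var/log/app/app.log"
    # Any line that does NOT start with a timestamp is appended to the
    # previous line, so an entry with line breaks becomes one event.
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => true
      what => "previous"
    }
  }
}

filter {
  # First attempt: assumed layout "<timestamp> <level> <text>".
  grok {
    match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:msg}" }
  }

  # Events the first grok could not match carry this tag.
  if "_grokparsefailure" in [tags] {
    mutate {
      # Collapse every run of whitespace (line breaks included) into a
      # single space; a POSIX class avoids backslash escaping in the config.
      gsub => [ "message", "[[:space:]]+", " " ]
      # Trim leading and trailing whitespace (mutate runs gsub before strip).
      strip => [ "message" ]
      # Clear the tag so the retry below reports its own result.
      remove_tag => [ "_grokparsefailure" ]
    }
    # Second attempt on the cleaned message; the tag is set again on failure.
    grok {
      match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:msg}" }
    }
  }
}
```

Events that still carry "_grokparsefailure" after the second attempt are the ones worth inspecting by hand, since collapsing whitespace changes the original text of the entry.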