Discuss the Elastic Stack

Parsing logs filebeat

Elastic Stack Beats

mostpha456 (Mostpha) May 3, 2021, 5:55pm 1

Hello,
I m using filebeat to parse my logs
I have logs of the following format:
ID: xxx
Date: xxx
Message: xxx
is it possible to send the logs to elasticsearch by adding the fields ID, Date, Message and their values without going through logstash ?

Thank you

legoguy1000 (Alex) May 4, 2021, 2:04am 2

Yes, you'll need to setup a multi line input, see Manage multiline messages | Filebeat Reference [7.12] | Elastic. them add a dissect processor that can parse the message using \n to represent the line breaks.

1 Like

mostpha456 (Mostpha) May 5, 2021, 11:42am 3

Hello,
thank you for your answer.
i m having a dissect_parsing_error, l think it s because of the \n, do you have any idea where i can find any exemple of dissect using /n ?
Thank you

legoguy1000 (Alex) May 5, 2021, 12:04pm 4

I'll have to find it. There was another post on this forum that people discussed it and that's where I saw the \n. I'll see if I can find it.

system (system) Closed June 2, 2021, 2:05pm 5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Filebeat dissect line break Beats filebeat	7	1508	June 3, 2021
About FileBeat Dissect processor Beats filebeat	2	857	October 28, 2022
Parsing logs of FIlebeat and send to Elastic search Beats filebeat	3	370	August 4, 2021
Timestamp - Filebeat Beats filebeat	8	3991	May 25, 2021
Parsing the filebeat logs Logs	2	375	May 25, 2020

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.