That log file looks pretty structured. Have a look at http://grokdebug.herokuapp.com/ or Kibana's inbuilt debugger (Dev Tools -> Grok Debugger) to try out your grok filters.
I can see from the logs that you can use the LOGLEVEL and TIMESTAMP_ISO8601 patterns (http://grokdebug.herokuapp.com/patterns). In your Beats configuration, you can tell it that the log is multiline and split new log records when a line hits LOGLEVEL.
Thank you for the reply.
But here I have the file which contains some lines which are as below, and I really need help in parsing this multi-line pattern. TIA
If you can use a grok filter to identify which log entries contain the JSON information, you could then pull it out to another field and then apply another filter which will deal with JSON and also nested as well.
If anyone else has a more efficient way to do this, feel free to weigh in.
I will be looking at doing something similar down the track and researching how this can be done efficiently.
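An added example, not part of any post in this thread: a Logstash filter section that follows the approach suggested above (one grok for the record header, a second grok to pick out entries that carry JSON, then the json filter for the nested content). The thread does not show the log file, so the line layout in the comment and the field names `log_time`, `level`, `text`, `json_raw` and `payload` are assumptions.

```logstash
filter {
  # Assumed record layout (constructed sample, the real file is not shown):
  #   2019-03-01T10:15:30.123 INFO Request received {"user": {"id": 7,
  #     "roles": ["admin"]}}
  # The continuation line is expected to be joined to the first one by the
  # shipper's multiline setting before the event reaches this filter.

  # Step 1: parse the record header. (?m) lets GREEDYDATA run across the
  # newlines inside an already-joined multiline event.
  grok {
    match => {
      "message" => "(?m)^%{TIMESTAMP_ISO8601:log_time}\s+%{LOGLEVEL:level}\s+%{GREEDYDATA:text}"
    }
  }

  # Step 2: identify entries that contain JSON and copy it to its own field.
  # Entries without JSON are normal, so they get no failure tag.
  grok {
    match => { "text" => "(?m)(?<json_raw>\{.*\})" }
    tag_on_failure => []
  }

  # Step 3: parse the JSON, nested objects included, only where it was found.
  if [json_raw] {
    json {
      source => "json_raw"
      # Keep parsed keys under one field so keys taken from the log line
      # cannot overwrite top-level event fields such as host or @timestamp.
      target => "payload"
      # Malformed JSON stays visible and searchable instead of being lost.
      tag_on_failure => ["_jsonparsefailure"]
      # Applied only when parsing succeeds; on failure json_raw is kept.
      remove_field => ["json_raw"]
    }
  }
}
```

Nested values are then addressed as `[payload][user][id]`, and events tagged `_jsonparsefailure` still hold the raw text in `json_raw` for inspection.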