Hi Team,
We are using filbeat as an agent to pull the logs from different servers, a few of the logs have prefixes that get stuck in front of actual log events.
In order to parse the log files we need to remove these prefixes from all the events, the prefix offset is ~ 50 characters.
Is there any way using any processors we can remove the first few characters from the log file using filebeat??
I would suggest to use logstash instead of filebeat and filter the unwanted prefixes.
Hi,
Thanks for responding.
But the log events are in multiline and the prefix stuff is coming in all the lines, which is causing issues in sending the multiline event as a single line to logstash.
Example
<Prefix>timestamp log level ID log message
<Prefix> at.arg.<Stacktrace>
<Prefix> at.arg.<Stacktrace>
<Prefix> at.arg.<Stacktrace>
<Prefix> at.arg.<Stacktrace>
If I send without removing Prefix from the log file, it will not be considered as multiline!!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.