I have installed Filebeat to forward Apache logs to Logstash, which parses them and stores them in Elasticsearch so that I can view them in Kibana, but I'm facing the issue below.
Multiple logs are getting parsed as a single message:
Example 1:
126.96.36.199 - - [15/Apr/2016:03:28:42 -0400] "POST /WeblRunner?requestID=1878587528&splitID=0 HTTP/1.1" 200 70124 188.8.131.52 - - [15/Apr/2016:03:28:47 -0400] "POST /Web?requestID=1878587679&splitID=0 HTTP/1.1" 200 53487 184.108.40.206 - - [15/Apr/2016:03:28:48 -0400] "POST /WeblRunner?requestID=1878587775&splitID=0 HTTP/1.1" 200 7961
Example 2:
220.127.116.11 - - [15/Apr/2016:03:28:42 -0400] "POST /WeblRunner?requestID=1878587528&splitID=0 HTTP/1.1" 200 70124
In Kibana I'm getting logs in both the Example 1 and Example 2 formats at the same time from the same Apache log file, from which Filebeat passes the data to Logstash.
Can anyone help me work out what changes are necessary so that I don't see logs in the form of Example 1, which is absolutely wrong from a log monitoring perspective?
Because in the first format you can see that there are 3 logs combined into a single message, and I'm not able to figure out how to separate them into individual events.
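
One way to detect and split a merged message like Example 1 after the fact, as an added example that is not part of the original post. The names `CLF_ENTRY` and `split_merged_events` are hypothetical, the sample string is Example 1 from the post, and the code assumes Apache Common Log Format; it does not address why the lines were merged in the first place.

```python
import re

# Apache Common Log Format: host ident user [time] "request" status bytes
# The request group tolerates backslash-escaped quotes inside the request line.
CLF_ENTRY = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)(?=\s|$)'
)

# Example 1 from the post: three access-log entries delivered as one message.
MERGED = (
    '126.96.36.199 - - [15/Apr/2016:03:28:42 -0400] '
    '"POST /WeblRunner?requestID=1878587528&splitID=0 HTTP/1.1" 200 70124 '
    '188.8.131.52 - - [15/Apr/2016:03:28:47 -0400] '
    '"POST /Web?requestID=1878587679&splitID=0 HTTP/1.1" 200 53487 '
    '184.108.40.206 - - [15/Apr/2016:03:28:48 -0400] '
    '"POST /WeblRunner?requestID=1878587775&splitID=0 HTTP/1.1" 200 7961'
)

def split_merged_events(message):
    """Return (entries, leftover): parsed CLF entries and any unparsed text."""
    entries, leftover, pos = [], [], 0
    for m in CLF_ENTRY.finditer(message):
        gap = message[pos:m.start()].strip()
        if gap:                      # text between entries that is not a log line
            leftover.append(gap)
        entry = m.groupdict()
        entry["raw"] = m.group(0)    # the individual line, ready to re-emit
        entries.append(entry)
        pos = m.end()
    tail = message[pos:].strip()
    if tail:                         # e.g. a truncated final entry
        leftover.append(tail)
    return entries, leftover

if __name__ == "__main__":
    events, rest = split_merged_events(MERGED)
    for e in events:
        print(e["time"], e["host"], e["status"], e["bytes"])
    print("unparsed fragments:", rest)
```

A message that yields more than one entry was merged upstream, and non-empty leftover text points at a truncated or malformed line that should be reviewed rather than silently dropped.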