Splitting multiple logs combined as a single message to multiple event log entries

I have installed Filebeat to forward Apache logs to Logstash to parse and store them in Elasticsearch so that I can view them in Kibana, but I'm facing the issue below.

Multiple logs are getting parsed as a single message -

Example 1: -

64.77.63.8 - - [15/Apr/2016:03:28:42 -0400] "POST /WeblRunner?requestID=1878587528&splitID=0 HTTP/1.1" 200 70124 64.77.63.8 - - [15/Apr/2016:03:28:47 -0400] "POST /Web?requestID=1878587679&splitID=0 HTTP/1.1" 200 53487 64.77.63.8 - - [15/Apr/2016:03:28:48 -0400] "POST /WeblRunner?requestID=1878587775&splitID=0 HTTP/1.1" 200 7961

Example 2: -

64.77.63.8 - - [15/Apr/2016:03:28:42 -0400] "POST /WeblRunner?requestID=1878587528&splitID=0 HTTP/1.1" 200 70124

In my Kibana I'm getting logs in both example 1 and example 2 format at the same time from the same common Apache log file from which Filebeat is passing the data to Logstash.

Can anyone help me sort out what changes are necessary so that I don't see logs in the form of example 1, which is absolutely wrong from a log monitoring perspective?

Because in the first format you can see that there are 3 logs combined into a single message, and I'm not able to figure out how to separate them into individual events.

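One way to split a merged message like Example 1 back into one event per request, as an added example that is not part of the original post. It assumes the default Apache common log format seen in the samples; `split_entries` and the `SPOOFED` sample are constructed for illustration. It consumes one complete entry at a time rather than cutting wherever an IP and timestamp appear, because the request line is client-controlled and can imitate the start of an entry.

```python
import re

# One entry in Apache's "common" format (%h %l %u %t "%r" %>s %b).
# Assumption: this is the format in use, as the sample lines suggest.
ENTRY = re.compile(
    r'(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '   # Apache writes an embedded quote as \"
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)(?=\s|$)'
)

def split_entries(message):
    """Split a merged message into per-request events.

    Returns (events, leftover). leftover is any text that did not parse
    as a complete entry and should be flagged, not silently dropped.
    """
    message = message.strip()
    events, pos = [], 0
    while pos < len(message):
        m = ENTRY.match(message, pos)   # anchored at pos: one whole entry at a time
        if m is None:
            break
        event = m.groupdict()
        event["message"] = m.group(0)
        events.append(event)
        pos = m.end()
        while pos < len(message) and message[pos].isspace():
            pos += 1                    # skip the separator between entries
    return events, message[pos:]

# Example 1 from the post: three requests merged into one message.
MERGED = (
    '64.77.63.8 - - [15/Apr/2016:03:28:42 -0400] "POST /WeblRunner?requestID=1878587528&splitID=0 HTTP/1.1" 200 70124 '
    '64.77.63.8 - - [15/Apr/2016:03:28:47 -0400] "POST /Web?requestID=1878587679&splitID=0 HTTP/1.1" 200 53487 '
    '64.77.63.8 - - [15/Apr/2016:03:28:48 -0400] "POST /WeblRunner?requestID=1878587775&splitID=0 HTTP/1.1" 200 7961'
)
# Constructed: one request whose request line imitates the start of a second entry.
SPOOFED = (
    r'192.0.2.10 - - [15/Apr/2016:03:29:00 -0400] "GET /x 198.51.100.7 - - '
    r'[15/Apr/2016:03:29:01 -0400] \"GET /admin HTTP/1.1\" 200 1 HTTP/1.1" 400 226'
)

if __name__ == "__main__":
    for sample in (MERGED, SPOOFED):
        events, leftover = split_entries(sample)
        print(len(events), [e["status"] for e in events], repr(leftover))
```

A non-empty `leftover` means the message did not end on an entry boundary, which is worth indexing as its own tagged event instead of discarding.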