StackTrace with multiline filter on logstash

Hi

We use Beats to send the logs to our centralized log server. We are finding it a bit difficult to parse a stack trace. The sample log is below:
INFO 2017-07-02 03:46:52,714 [[corn-ice-1.0.0-SNAPSHOT].schedule-db_flow.stage1.03] org.mule.api.processor.LoggerMessageProcessor: Failed to Run with this Query null, try after 10 seconds
ERROR 2017-07-02 03:46:52,614 [[corn-ice-1.0.0-SNAPSHOT].schedule-db_flow.stage1.16] org.mule.exception.CatchMessagingExceptionStrategy:


Message : Incorrect integer value: 'null' for column 'event_id' at row 1 (java.sql.SQLException). Message payload is of type: Schedule
Code : MULE_ERROR-29999

Exception stack is:

  1. Incorrect integer value: 'null' for column 'event_id' at row 1 (java.sql.SQLException)
    com.mysql.jdbc.SQLError:946 (null)
  2. Incorrect integer value: 'null' for column 'event_id' at row 1 (java.sql.SQLException). Message payload is of type: Schedule (org.mule.api.MessagingException)
    org.mule.module.db.internal.processor.AbstractDbMessageProcessor:93 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MessagingException.html)

Root Exception stack trace:
java.sql.SQLException: Incorrect integer value: 'null' for column 'event_id' at row 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:946)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2985)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1631)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)


INFO 2017-07-02 03:46:52,614 [[corn-ice-1.0.0-SNAPSHOT].schedule-db_flow.stage1.16] org.mule.api.processor.LoggerMessageProcessor: Failed to Run with this Query null, try after 10 seconds

We would like to parse and push the log to ES only when the message has "Incorrect integer value: 'null' for column 'event_id'". Can someone help us with using multiline on the Logstash filter to process the same?
Any suggestion would be helpful.

Thanks
Raj

Found the solution myself with the Elastic documentation and other blogs.
The multiline filter looks as follows:
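multiline {
  patterns_dir => "./patterns"
  # A line starting with a log level begins a new event
  pattern => "(^INFO)|(^ERROR)|(^WARN)"
  # negate: act on lines that do NOT match the pattern...
  negate => true
  # ...and append them to the previous event
  what => "previous"
}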

followed by a simple grok to match the string we need to identify.

Thanks
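
The grouping rule the filter above applies (negate => true, what => "previous") followed by the string match, as an added Python example that is not part of the original posts. The log is a constructed, shortened copy of the sample in the question, and the function names are illustrative.

```python
import re

# Same start-of-event pattern as the multiline filter in the post.
EVENT_START = re.compile(r"(^INFO)|(^ERROR)|(^WARN)")
# The string the question wants to select on.
NEEDLE = "Incorrect integer value: 'null' for column 'event_id'"

# Constructed sample, shortened from the log in the question.
SAMPLE = """\
INFO 2017-07-02 03:46:52,714 [stage1.03] LoggerMessageProcessor: Failed to Run with this Query null, try after 10 seconds
ERROR 2017-07-02 03:46:52,614 [stage1.16] org.mule.exception.CatchMessagingExceptionStrategy:

Message : Incorrect integer value: 'null' for column 'event_id' at row 1 (java.sql.SQLException). Message payload is of type: Schedule
Code : MULE_ERROR-29999

Root Exception stack trace:
java.sql.SQLException: Incorrect integer value: 'null' for column 'event_id' at row 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:946)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)

INFO 2017-07-02 03:46:52,614 [stage1.16] LoggerMessageProcessor: Failed to Run with this Query null, try after 10 seconds
"""


def group_events(lines):
    """negate => true, what => "previous": a line that does NOT match the
    pattern is appended to the event before it."""
    events = []
    for line in lines:
        if EVENT_START.search(line) or not events:
            events.append([line])      # a level prefix opens a new event
        else:
            events[-1].append(line)    # continuation (blank lines included)
    return ["\n".join(e).rstrip() for e in events]


def matching_events(text):
    """Keep only merged events that contain the wanted error string."""
    return [e for e in group_events(text.splitlines()) if NEEDLE in e]


if __name__ == "__main__":
    for event in matching_events(SAMPLE):
        print(event, end="\n---\n")
```

A continuation line that happens to begin with INFO, ERROR or WARN would open a new event under this pattern, so a pattern that also requires the timestamp after the level is a tighter event boundary.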
