I intend to use Filebeat to turn multiline events into a sequence of events, and then use Logstash grok patterns to create the index and filter the data.
When I use only Logstash, the index is created the way I want and everything runs fine, but when I try it using Filebeat -> Logstash -> Elasticsearch -> Kibana, the grok patterns don't work and the data is parsed without the Logstash filters.
Can someone please suggest where I should look in order to make the Logstash filters work?
This is the Filebeat config:
filebeat.prospectors:
  - type: "bwlogsqa"
    enabled: true
    paths:
      - /home/pushkar/*.log
    multiline.pattern: "^2017 "
    multiline.negate: true
    multiline.match: after
output.logstash:
  hosts: ["127.0.0.1:5044"]
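How the multiline settings in the config above group lines into events before they are shipped to Logstash, as an added Python sketch that is not part of the original post and is not Filebeat's own code. The helper name `group_multiline` is hypothetical and the sample log lines are constructed.

```python
import re

def group_multiline(lines, pattern, negate=True):
    """Emulate multiline.match: after for the given pattern.

    With negate=True (as in the posted config), every line that does NOT
    match the pattern is appended to the preceding line that did match.
    With negate=False, matching lines are the continuations instead.
    """
    rx = re.compile(pattern)
    events, current = [], []
    for line in lines:
        matched = bool(rx.search(line))
        is_continuation = matched != negate
        if is_continuation and current:
            current.append(line)
        else:
            # A new event starts here; flush the one being built.
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events

# Constructed sample input: three log records, one with a stack trace.
SAMPLE = [
    "2017 Jan 10 10:00:01 INFO Job started",
    "2017 Jan 10 10:00:02 ERROR Activity failed",
    "java.lang.IllegalStateException: constructed sample",
    "    at com.example.Process.run(Process.java:42)",
    "2017 Jan 10 10:00:03 INFO Job finished",
]

def demo():
    # Pattern copied from the posted multiline.pattern setting.
    return group_multiline(SAMPLE, r"^2017 ", negate=True)

if __name__ == "__main__":
    for n, event in enumerate(demo(), 1):
        print(f"--- event {n} ---\n{event}")
```

Because the pattern hard-codes the year, a record that starts with `2018 ` does not match and is folded into the previous event, so each grok pattern in Logstash has to expect the whole joined message, newlines included.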