Hi,
Multiline concat my device logs but does not remove unusefull informations.
exemple:
<134>Mar 03 11:39:57 SHK-NSW-CORE CLI(67) Data: USERCMD: <gmenage> <10.1.16.1> [no ip interface lololol] <ERROR: No such interfa<134>Mar 03 11:39:57 SHK-NSW-CORE CLI(67) Data: [Count.]ce - lololol.>
I tryed to use GSUB to clean my multiline output:
gsub=>[ "message","%{ALE_MULTILINE_BASE}", "" ]
with
ALE_BASE <%{POSINT:syslog_pri}>%{ALE_TIMESTAMP:@timestamp}%{SPACE}%{SYSLOGHOST:hostname}%{SPACE}%{SYSLOGPROG:message_program}\(%{DATA:message_thread_id}\)%{SPACE}Data:%{SPACE}
But it looks like gsub does not accept %{ALE_MULTILINE_BASE}
as a variable.
Do you have an idea?
/opt/logstash/bin/logstash --version
logstash 2.1.1
Thank you in advance.
Regards