Want to parse multiline json logs using filebeat and logstash except non-josn logs without any failure

my json log file

{
"a":{
"se":"NA",
"event":"158",
"sys":"NA",
"Id":"149",
"ma":"o",
"ab":"Pod",
"source": "Application",
"eq":"NA",
"pr":"NA",
"sev":"CRIT"
},
"b":{
"total_memory":"10GB",
"memory_usage":"8GB",
"memory_available":"2GB"
}
}

--------------abc JSON ----------------

{
"a":{
"se":"NA",
"event":"158",
"sys":"NA",
"Id":"149",
"ma":"o",
"ab":"Pod",
"source": "Application",
"eq":"NA",
"pr":"NA",
"sev":"CRIT"
},
"b":{
"total_memory":"10GB",
"memory_usage":"8GB",
"memory_available":"2GB"
}
}

i want to exclude "--------------abc JSON ----------------" line for now in this logfile
and non -json log without any error

my filebeat -configuration

filebeat.yml: |-
     filebeat.inputs:
     - type: log
       paths:
         - /var/log/containers/test.log
       multiline.pattern: '^{'
       multiline.negate: true 
       multiline.match: after
     processors:
     - decode_json_fields:
         fields: ['message']
         target: ""
     - drop_fields:
         fields: ['message']     

logstash.conf

input {
	beats {
		port => 5044
	}
}
filter {

 json {
        
      source => "message"
   }
}
output {
    elasticsearch {
        hosts => ["http://10.109.226.97:9200"]
        user => kibanauser
        password => kibanauser
        index => "multiline-json-%{+YYYY.MM.dd}"
    }
  stdout{ codec => rubydebug }

}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.