Why Filebeat is treating the the whole content of the file as a single message?

muntazirabbas · March 31, 2020, 4:53pm

Hi,
I am trying to send some custome logs to elasticsearch but it seems filebeat is treating the content of the file as a single message while the file has many log entries. The file name syntax is as follows:

F:\inetpub\logs\443\IMAS_RequestLogger2.txt.20200325-15

The filebeat conf is as follows, Please tell what I am doing wrong here?

filebeat.inputs:
- type: log
  enabled: true
  paths:
     - F:\inetpub\logs\443\*.txt.*
  #include_lines: ['^ERR', '^WARN']
  multiline.pattern: '^\2020-'
  multiline.negate: true
  multiline.match: after

system · April 28, 2020, 4:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat send the entire logfile as a single message Beats filebeat	2	5369	March 9, 2018
Filebeat Issue - all log entries are merged in a single message instead of multiple messages Beats filebeat	5	2589	July 2, 2019
Messages from different files are combined as one document Beats filebeat	3	938	July 5, 2017
Filebeat multiline question Beats filebeat	7	1613	July 5, 2017
Filebeat multiline directly to elasticsearch Beats filebeat	4	424	April 17, 2019

Why Filebeat is treating the the whole content of the file as a single message?

Related topics