Why does the multiline pattern merge lines that don't respect the regex?

I want my filebeat.yml to combine only the lines that respect the regex:
multiline.pattern: '^Server [[:graph:]]* Line'
multiline.negate: true
multiline.match: after
But actually it combines the other lines that don't even contain the word server, and this is not what I want.
This is my filebeat.yml:

filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:\elasticstack\filebeat-7.10.2-windows-x86_64\filebeat-7.10.2-windows-x86_64\logs\*.log
  #ignore_older: 5m
  #close_inactive: 2m
    #- c:\programdata\elasticsearch\logs\*
  #exclude_lines: ['^\(', '^[[:space:]]', ^Script , ^bde_ , ^CHEMIN]
  include_lines: ['^(3[01]|0[1-9]|[12][0-9])(-?)(1[0-2]|0[1-9])(-?)([0-9]{4})[[:space:]]([0-9]{2}):([0-9]{2}):([0-9]{2})', 'ETAPE','ERREUR INTERNE']
  multiline.pattern: '^Server [[:graph:]]* Line'
  multiline.negate: true
  multiline.match: after

What's the problem exactly?

The property multiline.negate: true means that you want to use the negated pattern.

I want to understand why it merges the other lines in the log file which don't respect the regex. I want only to merge the lines which respect the regex. Did you get my point?
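
Added example (not part of the original thread and not Filebeat's own code): a small Go model of how `multiline.match: after` groups lines for both values of `multiline.negate`, using the pattern from the question. The sample log lines and the function name `groupAfter` are constructed for illustration; `max_lines` and timeouts are not modelled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern copied from the question's filebeat.yml.
var pattern = regexp.MustCompile(`^Server [[:graph:]]* Line`)

// groupAfter models multiline.match: after. A line is appended to the
// current event when (pattern matches) != negate; otherwise it starts a
// new event. max_lines and timeout are not modelled (assumption).
func groupAfter(lines []string, negate bool) []string {
	var events, cur []string
	for _, l := range lines {
		if len(cur) > 0 && pattern.MatchString(l) != negate {
			cur = append(cur, l)
			continue
		}
		if len(cur) > 0 {
			events = append(events, strings.Join(cur, "\n"))
		}
		cur = []string{l}
	}
	if len(cur) > 0 {
		events = append(events, strings.Join(cur, "\n"))
	}
	return events
}

// Constructed sample log, not taken from the thread.
var sample = []string{
	"12-02-2021 10:00:01 ETAPE start",
	"Server SRV01 Line 1",
	"Server SRV01 Line 2",
	"12-02-2021 10:00:05 ETAPE end",
	"unrelated text",
}

func main() {
	for _, negate := range []bool{true, false} {
		fmt.Printf("negate=%v\n", negate)
		for i, e := range groupAfter(sample, negate) {
			fmt.Printf("  event %d: %q\n", i+1, e)
		}
	}
}
```

With `negate=true` the lines that do not match are appended to the preceding `Server ... Line` line, which is the merging described in the question; with `negate=false` the matching lines are appended to the preceding non-matching line instead.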
