Write filter for multiline in logstash filter

Elastic Stack Logstash
1

I need to write a logstash filter for linux multiline log using GROK. My log sample is like as below.

2017-05-22T04:28:12.444+05:30 WARN  [BlockingBatchedESOutput] Error while waiting for healthy Elasticsearch cluster. Not flushing.
java.util.concurrent.TimeoutException: Write-active index didn't get healthy within timeout
at org.graylog2.indexer.cluster.Cluster.waitForConnectedAndDeflectorHealthy(Cluster.java:221) ~[graylog.jar:?]
at org.graylog2.indexer.cluster.Cluster.waitForConnectedAndDeflectorHealthy(Cluster.java:232) ~[graylog.jar:?]
at org.graylog2.outputs.BlockingBatchedESOutput.flush(BlockingBatchedESOutput.java:121) [graylog.jar:?]
at org.graylog2.outputs.BlockingBatchedESOutput.writeMessageEntry(BlockingBatchedESOutput.java:114) [graylog.jar:?]
at org.graylog2.outputs.BlockingBatchedESOutput.write(BlockingBatchedESOutput.java:96) [graylog.jar:?]
at org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:194) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:1.8.0_131]
at java.util.concurrent.FutureTask.run(Unknown Source) [?:1.8.0_131]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_131]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_131]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_131]

Please help me to write a logstash filter with grok pattern

2

Have you tried using the grok constructor web site?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.