logstash multiline filter for asterisk


# logstash configuration problem

My actual logfile looks like:

info - 2015-06-22 06:55:11 - \n**********************************************************************************\n********* xxxxxxxxxxxxxxxxxxxxx 2015-06-22 06:55:11\n********** time zone pacific standard time or america/los_angeles\n**********************************************************************************\n\n\ninfo - 2015-06-22 06:55:32 - finished loading connector modules

On logstash I applied the multiline filter:

    multiline {
        pattern => "%{LOGLEVEL}"
        what => "next"
        negate => true
    }

I expected this output:

1.

info - 2015-06-22 06:55:11 - \n**********************************************************************************\n********* xxxxxxxxxxxxxxxxxxxxx 2015-06-22 06:55:11\n********** time zone pacific standard time or america/los_angeles\n**********************************************************************************

2.

info - 2015-06-22 06:55:32 - finished loading connector modules

But I am getting this result:

1.

info - 2015-06-22 06:55:11 -

2.

\n**********************************************************************************\n********* xxxxxxxxxxxxxxxxxxxxx 2015-06-22 06:55:11\n********** time zone pacific standard time or america/los_angeles

3.

\n**********************************************************************************\n\n\ninfo - 2015-06-22 06:55:32 - finished loading connector modules

Can anyone suggest what is going wrong with the multiline pattern?

Your config says, "unless the line contains loglevel, keep the next line".

You need "previous", and "starts with loglevel" wouldn't hurt.
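The difference between the two settings, as an added example that is not part of the original question or answer: a simplified Python model of the join rule, not Logstash's own code. The `LOGLEVEL` regex, `merge_multiline` and the sample list are assumptions built from the log shown in the question, and the model ignores Logstash's stream flushing, so it illustrates the grouping logic rather than reproducing the exact output above.

```python
import re

# Simplified stand-in for grok's %{LOGLEVEL}; only a few levels (assumption).
LOGLEVEL = r"(?:info|warn|error|debug)"

# Constructed sample: the physical lines of the log shown in the question.
SAMPLE = [
    "info - 2015-06-22 06:55:11 - ",
    "*" * 82,
    "********* xxxxxxxxxxxxxxxxxxxxx 2015-06-22 06:55:11",
    "********** time zone pacific standard time or america/los_angeles",
    "*" * 82,
    "",
    "",
    "info - 2015-06-22 06:55:32 - finished loading connector modules",
]

def merge_multiline(lines, pattern, what, negate=False):
    """Group lines into events: a line that 'matches' (after applying
    negate) is joined to the previous or to the next line."""
    rx = re.compile(pattern, re.IGNORECASE)
    events, current = [], []
    for line in lines:
        joins = bool(rx.search(line)) != negate
        if what == "previous":
            if joins and current:
                current.append(line)      # continuation of the open event
            else:
                if current:
                    events.append(current)
                current = [line]          # a new event starts here
        elif what == "next":
            current.append(line)
            if not joins:                 # this line closes the pending event
                events.append(current)
                current = []
        else:
            raise ValueError("what must be 'previous' or 'next'")
    if current:
        events.append(current)            # flush whatever is still buffered
    return ["\n".join(e) for e in events]

def demo():
    asked = merge_multiline(SAMPLE, LOGLEVEL, "next", negate=True)
    fixed = merge_multiline(SAMPLE, "^" + LOGLEVEL, "previous", negate=True)
    return asked, fixed
```

With `next`, the header line is emitted on its own and the banner is glued to the following record; with `previous` and the anchored pattern, each event starts at a log-level line and carries its banner with it.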

