Logstash 1.4.1 multiline codec not working


I'm trying to parse a multiline data log file. I have tried the multiline codec and the multiline filter. It doesn't work for me.

Log data:

info 2014-06-26 12:34:42,881 [4] [handleschedulerequests] request entity:
user name : user
dlr : 04
text : string
interface type : 1
sender : sdr
debug 2014-06-26 12:34:43,381 [4] [handleschedulerequests] entitis : 1 system.exception

And the configuration file:

input {
    file {
        type => "cs-bulk"
        path => [ "/logs/bulk/*.*" ]
        start_position => "beginning"
        sincedb_path => "/logstash-1.4.1/bulk.sincedb"
        codec => multiline {
            pattern => "^%{level4net}"
            what => "previous"
            negate => true
        }
    }
}

output {
    stdout { codec => rubydebug }
    if [type] == "cs-bulk" {
        elasticsearch {
            host => localhost
            index => "cs-bulk"
        }
    }
}

filter {
    if [type] == "cs-bulk" {
        grok {
            match => { "message" => "%{level4net:level} %{timestamp_iso8601:time} %{thread:thread} %{logger:method} %{message:message}" }
            overwrite => ["message"]
        }
    }
}

And when Logstash parses the multiline part, it parses only the first line and tags it multiline. The other lines are not parsed!

{
    "@timestamp" => "2014-06-27t16:27:21.678z",
       "message" => "request entity:",
      "@version" => "1",
          "tags" => [
        [0] "multiline"
    ],
          "type" => "cs-bulk",
          "host" => "lab",
          "path" => "/logs/bulk/22.log",
         "level" => "info",
          "time" => "2014-06-26 12:34:42,881",
        "thread" => "[4]",
        "method" => "[handleschedulerequests]"
}

Place (?m) at the beginning of the grok pattern. That will allow the regex to not stop at \n.
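The behaviour in the question and the effect of the answer, as an added example that is not part of the original post. Plain Ruby regexes stand in for grok here (Logstash itself runs on Ruby, where `(?m)` lets `.` match a newline); `LEVEL`, `join_multiline`, `grok_like` and `parse` are hypothetical names, and the regexes are assumed equivalents of the custom patterns the page does not show.

```ruby
# Constructed sample, shortened from the log excerpt in the question.
SAMPLE = <<~LOG
  info 2014-06-26 12:34:42,881 [4] [handleschedulerequests] request entity:
  user name : user
  dlr : 04
  debug 2014-06-26 12:34:43,381 [4] [handleschedulerequests] entitis : 1
LOG

# Assumption: stand-in for the custom level4net pattern, which the page does not show.
LEVEL = /(?:debug|info|warn|error|fatal)/

# Mimics the multiline codec with negate => true, what => "previous":
# a line that does NOT start with a level is appended to the previous event.
def join_multiline(text, start = /\A#{LEVEL}\s/)
  text.each_line(chomp: true).each_with_object([]) do |line, events|
    if events.empty? || line.match?(start)
      events << line.dup
    else
      events.last << "\n" << line
    end
  end
end

# Assumption: regex equivalent of the question's grok expression.
# `prefix` is "" for the original pattern or "(?m)" for the suggested fix.
def grok_like(prefix = "")
  Regexp.new(prefix + '(?<level>\w+) (?<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) ' \
                      '(?<thread>\[\d+\]) (?<method>\[\w+\]) (?<message>.*)')
end

# Returns the named captures as a hash, or nil when the event does not match.
def parse(event, prefix = "")
  match = grok_like(prefix).match(event)
  match && match.named_captures
end

if __FILE__ == $PROGRAM_NAME
  join_multiline(SAMPLE).each do |event|
    puts "without (?m): #{parse(event)['message'].inspect}"
    puts "with (?m):    #{parse(event, '(?m)')['message'].inspect}"
  end
end
```

The codec has already joined the continuation lines into one event; without `(?m)` the final `.*` stops at the first newline, and `overwrite => ["message"]` then replaces the joined text with that truncated capture.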

