How to write logstash multiline for interlaced log lines from different process threads based on a dynamic identifier
原文
2015-12-09 23:46:15
6
1
logstash/
logstash-grok/
logstash-configuration/
logstash-forwarder/
logstash-file
Question
dummy logfile:
[1] test123
[2] test234
[3] test345
[2] test321
[1] test432
[3] test058
[1] test002`
expected result from multiline to merge lines with same id and consider as single event.
[1] test123
[1] test432
[1] test002
1 answers
solution1
0 2015-12-09 23:58:19
The stream_identity property of the multiline filter should work for this.
When using the filter, you can't run more than one worker thread (-w). The multiline codec is supposed to help with that, but the man page does not describe a stream feature like this.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to process multiline log entry with logstash filter?
How to make Logstash multiline filter merge lines based on some dynamic field value?
How to split Multiline log in logstash
How to process Logstash Multiline entry?
Logstash: Reading multiline data from optional lines
multiline log (array) with logstash
Logstash: Parse Complicated Multiline JSON from log file into ElasticSearch
Parsing multiline log file in Logstash
Filtering specific lines from log file in logstash
Parse multiline json log with logstash
Related Tags