multiline plugin generates multiple @timestamp

Description

I tried to merge a multiline Java stack trace log with this config:

logstash.conf

Logstash terminated with this error message:

stderr

AND

stdout

As you can see, there are multiple @timestamp in the event which will be sent to Elasticsearch. This is weird. I think ES could not handle it and quit. I also tried to remove the @timestamp field with mutate before I "date" it, but the field is still there. I don't know if it is the default behavior of the multiline plugin to keep all timestamps.

Activity

Colin Surprenant
March 27, 2014, 10:16 PM

I confirm this is a known issue in 1.4.0 with the multiline filter. A fix has been merged https://github.com/elasticsearch/logstash/pull/1211

Colin Surprenant
April 10, 2014, 2:07 AM

Assignee

Colin Surprenant

Reporter

yuanl

Fix versions

Affects versions
