multiline plugin generate multiple @timestamp

Description

I tried to merge a multiline java stack trace log. with this config

logstash.conf

Logstash terminated with this error message:

stderr

AND

stdout

As you can see there are multiple @timestamp in the event which will be send to elasticsearch. This is wired. I think ES cloud not handle it and quit. I Also tried to remove the @timestamp field with mutate before I "date" it. But the field still there. I don't know if this is the default behavior of multiline plugin to keep all timestamp.

Status

Assignee

Colin Surprenant

Reporter

yuanl

Fix versions

Affects versions

Configure