logstash multiline: Adding lastline to previous line.
Description
Gliffy Diagrams
Activity
Show:
Nataraj Ramalingam May 21, 2014 at 8:47 AM
Thanks Philippe.
Philippe Weber May 21, 2014 at 5:14 AM
As long as you know all possible lines, you can use the following logic
All lines matching the pattern will be appended until a line not matching the pattern is encountered, only then the event will get out of the filter.
smLog=permalink;recordId=DrsSESERFE;permalink=001;actionName=ERFE;bytesIn=0;bytesOut=0;status=OK;transId=1400593619256;url=null;userPermID=null
smLog=permalink;recordId=DrsSESCLASSIFY;permalink=001;actionName=CLASSIFY;bytesIn=0;bytesOut=0;status=OK;transId=1400593619256;url=null;userPermID=null
smLog=permalink;recordId=DrsSESTerms;permalink=001;actionName=ENRICHMENT;bytesIn=0;bytesOut=0;status=OK;transId=1400593619256;url=null;userPermID=null
These 3 line are one set and I have create record out of these 3 lines. The problem here is
first 2 lines are optional(anyone or both wont come in some cases), so cannot use it pattern.
Problem: last line of the log is coming in the next(2nd) multiline record.
How can I attach the last line in the same multiline record?