Grok pattern on multiline

Description

Hi,

I have a problem with '\n' from multiline filter.
Using multiline I try to create a grok pattern for the following log:

This is my filter conf:

This is my grok: 'ossec.grok'

I can't match the complete event. I can match different parts of the event but can't pass any '\n'. I tried different regexps to match '\n' but it's not working.

Please let me know,
Regards

Activity

availlant November 9, 2012 at 8:46 AM

Hi Jordan,

(?m) at the beginning of my grok pattern solved my problem.
Thanks

Regards
Aurelien

Jordan Sissel November 8, 2012 at 8:16 PM

Right now, the grok filter defaults to not matching new lines.

However, you can likely achieve this by putting (?m) at the beginning of your grok pattern (which should enable it to match across line breaks).
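The effect of the (?m) prefix discussed in this thread, as an added example that is not part of the original issue or the reporter's configuration. It uses Ruby's regex engine, which shares the Oniguruma meaning of (?m) that grok patterns rely on; the event text, the pattern body and all field names are constructed for illustration.

```ruby
# Constructed OSSEC-style alert (not from the issue), joined with "\n" the way
# the multiline filter merges several log lines into one event.
EVENT = [
  "** Alert 1352390400.1234: - syslog,sshd,authentication_failed,",
  "2012 Nov 08 16:00:00 host01->/var/log/auth.log",
  "Rule: 5716 (level 5) -> 'SSHD authentication failed.'",
  "Src IP: 192.0.2.10",
  "Nov  8 16:00:00 host01 sshd[4242]: Failed password for root from 192.0.2.10 port 51234 ssh2"
].join("\n")

# Hypothetical pattern body in plain Oniguruma syntax (what a grok pattern expands to).
BODY = '\*\* Alert (?<alert_id>[\d.]+):.*Rule: (?<rule_id>\d+) \(level (?<level>\d+)\)' \
       '.*Src IP: (?<src_ip>[\d.]+)\n(?<raw>.*)'

# Returns the named captures as a Hash, or nil when the pattern does not match.
def parse(event, pattern)
  m = Regexp.new(pattern).match(event)
  m && m.named_captures
end

# Default behaviour: "." stops at "\n", so the pattern cannot get past line 1.
def without_flag
  parse(EVENT, BODY)
end

# With (?m) in front, "." also matches "\n" and the whole event is parsed.
def with_flag
  parse(EVENT, "(?m)" + BODY)
end

# Side effect of (?m): a trailing ".*" now runs to the end of the event.
def desc_greedy
  parse(EVENT, '(?m)Rule: \d+ .*-> (?<desc>.*)')["desc"]
end

# Bounding the field with [^\n]* keeps it on its own line.
def desc_bounded
  parse(EVENT, '(?m)Rule: \d+ .*-> (?<desc>[^\n]*)')["desc"]
end

if __FILE__ == $PROGRAM_NAME
  p without_flag
  p with_flag
  p desc_greedy
  p desc_bounded
end
```

When a field must stay on one line after enabling (?m), use a negated class such as [^\n]* instead of ".*", otherwise later lines of the alert end up inside that field.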

Fixed

Created November 8, 2012 at 4:55 PM
Updated April 19, 2013 at 8:19 PM
Resolved November 12, 2012 at 8:48 PM