You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
2016-03-18 00:00:00.000 ABC DEF GHI
2016-03-18 00:00:00.000
THIS IS A MULTILINE
2016-03-18 00:00:00.000 THIS IS NOT A MULTILINE
2016-03-18 00:00:00.000 ABC DEF GHI
But I'm not able to match the multiline data. Could anyone please help with this?
The text was updated successfully, but these errors were encountered:
Below is the config file
input {
file {
path => ["Records.log"]
sincedb_path => "/dev/null"
start_position => "beginning"
codec => multiline {
pattern => "^[\d]{4}-[\d]{2}-[\d]{2} "
negate => true
what => "previous"
}
}
}
filter {
mutate {
gsub => ['message', "\n", " "]
gsub => ['message', "\t", " "]
}
grok {
patterns_dir => "patterns"
match => "%{START_TIME:START_TIME:date} %{LOGLEVEL1:loglevel1}"
}
date {
match => [ "START_TIME" , "yyyy-MM-dd HH:mm:ss.SSS" ]
}
}
output {
stdout {
codec => rubydebug
}
}
Below are the patterns used
YEAR (\d){4}
MONTHNUM (\d){2}
MONTHDAY (\d){2}
DATE %{YEAR}[/-]%{MONTHNUM}[/-]%{MONTHDAY}
HOUR (\d){2}
MINUTE (\d){2}
SECOND (\d){2}
MILLISECOND (\d){3}
START_TIME %{DATE} %{TIMESTAMP}
LOGLEVEL1 ([!-Ó¶a-z0-9$.+!'(){},~:;=@#&%-?/"//<>|\t ]_)+
Below are the records I'm trying to load
2016-03-18 00:00:00.000 ABC DEF GHI
2016-03-18 00:00:00.000
THIS IS A MULTILINE
2016-03-18 00:00:00.000 THIS IS NOT A MULTILINE
2016-03-18 00:00:00.000 ABC DEF GHI
But I'm not able to match the multiline data. Could anyone please help with this?
The text was updated successfully, but these errors were encountered: