Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Post an Article
Welcome To Ask or Share your Answers For Others

Categories

python - ELK stacks multiline in filebeat is not working as expected

0 votes
335 views
in Technique[技术] by (71.8m points)

python - ELK stacks multiline in filebeat is not working as expected 

- type: container
  enabled: true
  paths:
    - /var/lib/docker/containers/*/*.log
  multiline.pattern: '^Traceback|^[[:space:]]+'
  multiline.negate: true
  multiline.match: after

I've configured filebeat multiline as above. But the thing is above one also capture single line event as multiline in ElasticSearch as follow:

172.17.0.1 - - [25/Jan/2021 02:51:21] "[37mPOST /rest/V1/products HTTP/1.1[0m" 200 -
172.17.0.1 - - [25/Jan/2021 02:51:22] "[37mPOST /rest/V1/products HTTP/1.1[0m" 200 -
172.17.0.1 - - [25/Jan/2021 02:51:23] "[37mPOST /rest/V1/products HTTP/1.1[0m" 200 -
172.17.0.1 - - [25/Jan/2021 02:51:24] "[37mPOST /rest/V1/products HTTP/1.1[0m" 200 -
172.17.0.1 - - [25/Jan/2021 02:51:25] "[37mPOST /rest/V1/products HTTP/1.1[0m" 200 -
172.17.0.1 - - [25/Jan/2021 02:51:26] "[37mPOST /rest/V1/products HTTP/1.1[0m" 200 -

But when I've changed multiline.negate: false, it does not work at all. Please let me know how to resolve that issue.

Here is my sample log output, thanks.

{"log":"172.17.0.1 - - [30/Oct/2020 08:10:46] "u001b[37mPUT /rest/V1/products/AABBCC HTTP/1.1u001b[0m" 200 -
","stream":"stderr","time":"2020-10-30T08:10:46.970417641Z"}
{"log":"172.17.0.1 - - [30/Oct/2020 08:10:47] "u001b[35mu001b[1mPUT /rest/V1/products/AABBCC HTTP/1.1u001b[0m" 500 -
","stream":"stderr","time":"2020-10-30T08:10:47.998597649Z"}
{"log":"Traceback (most recent call last):
","stream":"stderr","time":"2020-10-30T08:10:48.048802517Z"}
{"log":"  File "/usr/local/lib/python3.8/site-packages/sentry_sdk/integrations/flask.py", line 68, in sentry_patched_wsgi_app
","stream":"stderr","time":"2020-10-30T08:10:48.048830727Z"}
{"log":"    return SentryWsgiMiddleware(lambda *a, **kw: old_app(self, *a, **kw))(
","stream":"stderr","time":"2020-10-30T08:10:48.048834928Z"}
{"log":"  File "/usr/local/lib/python3.8/site-packages/sentry_sdk/integrations/wsgi.py", line 96, in __call__
","stream":"stderr","time":"2020-10-30T08:10:48.048838273Z"}
question from:https://stackoverflow.com/questions/65878429/elk-stacks-multiline-in-filebeat-is-not-working-as-expected

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

Just Browsing Browsing

1.4m articles

1.4m replys

5 comments

57.0k users

Most popular tags

Snow Theme by Q2A Market
Powered by Question2Answer
...