Beats combining multi-line messages even after the multi-line pattern match


(Anmol Sharma) #1

collector sidecar version = 0.1.6
graylog version = 2.4.6

I am using the Beats input and enabled multi-line support in the collector sidecar as shown in the image below. This configuration was made using the reference given in the link below.
https://www.elastic.co/guide/en/beats/filebeat/master/multiline-examples.html

[Image: Selection_307]

The multi-line pattern is based on the line starting with the date format YYYY/MM/DD. This configuration is working as expected for combining error messages that span multiple lines.

My Problem:
It is combining multiple log messages even when the line separator is present, as shown in the example image:
[Image: Selection_308]

Please help me in sorting out this thing.

Actually, multi-line was intended for error log message samples like the ones below:


2018/07/31 12:49:40 [error] 6010#0: *4034 FastCGI sent in stderr: "y string to a string offset in /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/ubermenu/includes/menuitems/UberMenuItem.class.php on line 569
PHP message: PHP Warning: Illegal string offset ‘item_display_calc’ in /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/ubermenu/includes/menuitems/UberMenuItem.class.php on line 679
PHP message: PHP Warning: Illegal string offset ‘item_display_calc’ in /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/ubermenu/includes/menuitems/UberMenuItem.class.php on line 569


2018/07/31 12:13:24 [error] 6003#0: *3025 FastCGI sent in stderr: “PHP message: PHP Fatal error: Uncaught Error: [] operator not supported for strings in /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/revslider/includes/framework/base-admin.class.php:71
Stack trace:
#0 /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/revslider/admin/revslider-admin.class.php(572): RevSliderBaseAdmin::addMetaBox(‘Revolution Slid…’, ‘’, Array, NULL)
#1 /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/revslider/admin/revslider-admin.class.php(73): RevSliderAdmin->addSliderMetaBox()
#2 /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/revslider/admin/revslider-admin.class.php(44): RevSliderAdmin->init()
#3 /home/trainingbasketbreezeet3gi/public_html/wp-content/plugins/revslider/revslider.php(165): RevSliderAdmin->__construct(’/home/trainingb…’)
#4 /home/trainingbasketbreezeet3gi/public_html/wp-settings.php(305): include_once(’/home/trainingb…’)
#5 /home/trainingbasketbreezeet3gi/public_html/wp-config.php(80): require_once(’/home” while reading response header from upstream, client: 122.162.66.236, server: trainingbasketbreezeet3gi.breeze.io, request: “GET /wp-admin/ HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “trainingbasketbreezeet3gi.breeze.io


(Anmol Sharma) #2

Found the solution on the thread link undermentioned:

I have changed the multiline pattern as below:

^\d{4}/\d{2}/\d{2}
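
How the anchored pattern above groups lines, as an added example that is not part of the original posts. It emulates Filebeat's multiline grouping assuming `negate: true` and `match: after` (the poster's actual sidecar settings are only in the screenshot); the sample log lines, paths and the unanchored comparison pattern are constructed for illustration.

```python
import re

# Pattern from the post above. negate=true / match=after are assumptions.
ANCHORED = re.compile(r"^\d{4}/\d{2}/\d{2}")
# Constructed comparison: same date pattern without the ^ anchor.
UNANCHORED = re.compile(r"\d{4}/\d{2}/\d{2}")

# Constructed sample in the shape of an nginx error log with PHP output.
SAMPLE = [
    '2018/07/31 12:13:24 [error] 6003#0: *1 FastCGI sent in stderr: "PHP Fatal error',
    "Stack trace:",
    "#0 /var/www/example/a.php(10): f()",
    "PHP message: backup created 2018/07/30 finished",
    '2018/07/31 12:13:25 [error] 6003#0: *2 open() "/var/www/example/x.ico" failed',
    "2018/07/31 12:13:26 [error] 6003#0: *3 upstream timed out",
]


def group_events(lines, pattern):
    """Group lines into events the way negate=true, match=after does:
    a line matching the pattern starts a new event, and every
    non-matching line is appended to the event before it."""
    events, current = [], []
    for line in lines:
        starts_event = bool(pattern.search(line))
        if starts_event or not current:
            if current:
                events.append("\n".join(current))
            current = [line]
        else:
            current.append(line)
    if current:
        events.append("\n".join(current))
    return events


if __name__ == "__main__":
    for name, pat in (("anchored", ANCHORED), ("unanchored", UNANCHORED)):
        events = group_events(SAMPLE, pat)
        print(f"{name}: {len(events)} events")
        for event in events:
            print("  ---\n  " + event.replace("\n", "\n  "))
```

With the `^` anchor, the continuation line that merely contains a date stays inside the first event; without it, that line is split off as its own event and the stack trace loses its tail.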

