I am processing sql error log files . Below 2 lines are my input .
I want to ignore first line input format , it pickes secondline format data.
2018-03-07 15:05:01.90 Logon Error: 18456, Severity: 14, State: 7.
2018-03-07 15:05:01.90 Logon Login failed for user ‘usr’. Reason: An error occurred while evaluating the password. [CLIENT: 1.1.1.1]
So in collector filebeat configuration in exclude option i gave below regex. I dont thing any problem with regex.
^%{DATE} %{TIME}\s+Logon\s+Error:\s+[\d]+,\s+Severity:\s+[\d]+,\s+State:\s+[\d]+.
, but still i am getting first line inputs. Please help me to resolve the issue.
Thanks for your reply.
Below lines are 2 different type of inputs ,all are single line format , I want to ignore first input and my collector ll pick second format. So i am using regex to achieve this. But its not excluding first format.
2018-03-07 15:05:01.90 Logon Error: 18456, Severity: 14, State: 7. 2018-03-07 15:05:01.90 Logon Login failed for user ‘usr’. Reason: An error occurred while valuating the password. [CLIENT: 1.1.1.1]
HI Jan,
I given below regex to exclude 2018-03-07 15:05:01.90 Logon Error: 18456, Severity: 14, State: 7 ^[\d]+-[\d]+-[\d]+\s+[\d]+:[\d]+:[\d]+.[\d]+\s+Logon\s+Error:\s+[\d]+,\s+Severity:\s+[\d]+,\s+State:\s+[\d]+
but its not excluding .
Thanks,
Jay’
