Multiline index

Hi

5/16/2018 11:38:49 PM==> Notification to be sent: 14921770
5/16/2018 11:39:07 PM==> Exception Occurred: A message needs to have at least one recipient.
5/16/2018 11:39:07 PM==> Stack Trace:    at Microsoft.Exchange.WebServices.Data.ServiceResponse.InternalThrowIfNecessary() in \\REDMOND\EXCHANGE\BUILD\E15\sources\wsManagedApi\src\EwsManagedApi\Core\Responses\ServiceResponse.cs:line 277
   at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute() in \\REDMOND\EXCHANGE\BUILD\E15\sources\src\EwsManagedApi\Core\Requests\MultiResponseServiceRequest.cs:line 166
   at Microsoft.Exchange.WebServices.Data.ExchangeService.SendItem(IolderId savedCopyDestinationFolderId) in \\REDMOND\SOURCES\sources\dev\EwsManagedApi\src\EwsManagedApi\Core\ExchangeService.cs:line 614

I followed below url and followed Java stack traces and below timestamp types
https://www.elastic.co/guide/en/beats/filebeat/5.6/multiline-examples.html#_timestamps

multiline.pattern: '[^[0-9]{1}/[0-9]{2}/[0-9]{4}]'
multiline.negate: true
multiline.match: after

but i its not working … Can any one help on this to fix.?

Thanks,
K.Jayakumar

your pattern is wrong. try this instead: [0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4}

Thanks for reply , i tried this also , not getting as expected .

Which version of Filebeat are you using?
What’s the complete configuration of Filebeat?
What’s the result with the following configuration snippet?

multiline.pattern: '^[0-9]{1,2}\/[0-9]{1,2}\/[0-9]{4}'
multiline.negate: true
multiline.match: after

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.