Hi,
I configured a sidecar on my container and I am receiving the logs on graylog server with success. BUT my log file have multilines.
Example Logs file:
[2019-04-02T18:25:00.193+0000] [glassfish 4.1] [INFO] [] [com.sun.metro.policy] [tid: _ThreadID=46 _ThreadName=http-listener-1(11)] [timeMillis: 1554229500193] [levelValue: 800] [[
WSP5018: Loaded WSIT configuration from file: file:/usr/local/glassfish4/glassfish/domains/domain1/applications/XXXXX/WEB-INF/classes/META-INF/wsit-client.xml.]]
[2019-04-02T18:25:01.251+0000] [glassfish 4.1] [INFO] [] [com.sun.metro.policy] [tid: _ThreadID=40 _ThreadName=http-listener-1(5)] [timeMillis: 1554229501251] [levelValue: 800] [[
WSP5018: Loaded WSIT configuration from file: file:/usr/local/glassfish4/glassfish/domains/domain1/applications/XXXXX/WEB-INF/classes/META-INF/wsit-client.xml.]]
[2019-04-02T18:25:02.286+0000] [glassfish 4.1] [INFO] [] [com.sun.metro.policy] [tid: _ThreadID=66 _ThreadName=http-listener-1(31)] [timeMillis: 1554229502286] [levelValue: 800] [[
WSP5018: Loaded WSIT configuration from file: file:/usr/local/glassfish4/glassfish/domains/domain1/applications/XXXXX/WEB-INF/classes/META-INF/wsit-client.xml.]]
My configuration:
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.inputs:
- input_type: log
paths:
- /usr/local/glassfish4/glassfish/domains/domain1/logs/server.log
type: log
output.logstash:
hosts: ["172.16.107.73:5044"]
path:
data: /var/lib/graylog-sidecar/collectors/filebeat/data
logs: /var/lib/graylog-sidecar/collectors/filebeat/log
multiline:
multiline.pattern: '^\[d{4}\-d{2}\-d{2}T'
multiline.negate: true
multiline.match: after
I tried another combinations for multiline.pattern without success.
'^\[d{4}\-d{2}\-d{2}T'
'^\[d{4}\-d{2}\-d{2}T*
'^[d{4}\-d{2}\-d{2}T''
And change multiline.negate: true / false
I cannot find my error:
Graylog 3.0.0
Sidecar 1.0.0
Thanks advance.