Configure multiline from filebeat tomcat module

I'm using filebeat 7.15 with tomcat module to send logs to kibana. I'm trying to send exceptions as one message.

My tomcat.yml configuration looks like this.

- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths: ["catalina.out"]
    input:
      multiline.pattern: "^[[:space:]]*at |^Caused by:"
      multiline.negate: false
      multiline.match: after

Now whenever an exception happens, in kibana log stream all lines of an exception are missing (so they are glued together I assume), but the event is missing message and prints "failed to find message". There is also "log.flags: multiline", but I can't figure out what exactly is wrong.

Edit: Couldn't get this to work, eventually disabled the tomcat module and configured log input with multiline and pipeline in filebeat.yml.



Solution 1:[1]

You can refer to the documentation for multiline patterns here: https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

According to this, a usual Java exception multiline should have this pattern:

Exception in thread "main" java.lang.IllegalStateException: A book has a null property
       at com.example.myproject.Author.getBookIds(Author.java:38)
       at com.example.myproject.Bootstrap.main(Bootstrap.java:14)
Caused by: java.lang.NullPointerException
       at com.example.myproject.Book.getId(Book.java:22)
       at com.example.myproject.Author.getBookIds(Author.java:35)
       ... 1 more

multiline.type: pattern
multiline.pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
multiline.negate: false
multiline.match: after

In this example, the pattern matches the following lines:

  • a line that begins with spaces followed by the word at or ...
  • a line that begins with the words Caused by:

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 lprakashv