filebeat踩坑

Posted 2020-09-07

使用filebeat5.0.1版本，用filebeat作为日志收集工具时：

java日志格式需要多行匹配，在filebeat配置文件中添加：

  ### Multiline options

  # Mutiline can be used for log messages spanning multiple lines. This is common

  # for Java Stack Traces or C-Line Continuation

  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [

  multiline.pattern: ^\[ 

  # Defines if the pattern set under pattern should be negated or not. Default is false.

  multiline.negate: true

  # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern

  # that was (not) matched before or after or as long as a pattern is not matched based on negate.

  # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash

  multiline.match: after

上面配置的意思是：不以[开头的行都合并到上一行的末尾

pattern：正则表达式

negate：true 或 false；默认是false，匹配pattern的行合并到上一行；true，不匹配pattern的行合并到上一行

match：after 或 before，合并到上一行的末尾或开头

本文出自 “landanhero” 博客，请务必保留此出处http://landanhero.blog.51cto.com/788351/1912468