[graylog2] Re: graylog - filebeat logging

[Jochen Schalanda]

Hi,

I'd recommend matching the timestamp as start of the log entry, e. g. 
"2016-12-05 14:07:45,399" would be matched by "\d{4}-\d{2}-\d{2} 
\d{2}:\d{2}:\d{2},\d{1,3}".

See 
https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html 
for some examples.

Cheers,
Jochen

On Thursday, 22 December 2016 08:53:03 UTC+1, mytempledarkstar wrote:
>
> Hello.
>
>
> I am using filebeat to push data to graylog/elasticsearch.
> Now i am trying to push that type  of information from log file:
>
> 2016-12-05 14:07:45,399 |
> SUCCESS Finished executing sql (8 ms): 7ed3a851-2f36-47a5-ad12-028169d48ae4 
> select distinct
> wp.id,
> wp.a,
> wp.b,
> wp.c,
> wp.d,
> wp.e,
> wp.f,
> pp.g
> from 
> x wp,
> y kp,
> x pp
> where 
> ? between wp.dataa and wp.databb and
> (kp.idparam = ?) and
> ((pp.code = ?)  or (pp.test = 1) and 
> (select distinct
>   count (pp.code)
>  from 
>   a wp,
>   b kp,
>   c pp
>  where 
>   (kp.id = ?) and
>   (pp.code = ?) and
>   (pp.idka = kp.id) and
>   (wp.idd = pp.id)
>   group by pp.code) IS NULL) and
> (pp.code = ?) and
> (pp.idka = kp.id) and
> (wp.idpr = pp.id);
>
> 2016-12-05 14:07:45,410 | INFO  | 
>
>
> 1. approach: I used include_ lines:
> "SUCCESS Finished executing sql \((?:\d+) ms\): (?:[^\r\n]+)\r?\n-- Nazwa 
> wykonywanego pliku sql: (?:[^\r\n]+)\r?\n(.*?)(?:\r?\n\d\d\d\d-\d\d-\d\d 
> \d\d:\d\d:\d\d,\d\d\d|\z"
> 2.approach:
>  multiline:
>      match: after
>      pattern: "SUCCESS Finished executing sql"
>      max_lines: 50
>     paths:
>     - /vlogfile.log
>     scan_frequency: 10s
>     tail_files: false
>
>
>
>
> I have no idea how to catch it with regexsp. 
> I used multilinepatern but that is not working.
> Could You help me how to work with that type of information in log file ?
>
> Graylog 2.1
> Filebeat 5.1
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c29eccbf-619b-491e-a48d-77921aeb2eeb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.