
I have a dataset like this:

1. Sun Jul  5 00:04:01 EDT 2015

2. root         1     0  0.0  0.0   640  10372 Apr20 init [3]         
3. root         2     1  0.0  0.0     0      0 Apr20 [migration/0]

And I need to filter out the timestamp from the first line and add it to each message from the second line onward.

Please help me to do this using logstash grok plugin.

soumya
  • Unfortunately, logstash typically treats each line as a distinct event. I've not seen a way to do what you're asking. – Alain Collins Sep 11 '15 at 14:55
  • I agree with @AlainCollins, Logstash processes each line independently and doesn't keep a memory of previous lines. – Chro Sep 11 '15 at 20:31
  • There's a poorly documented metaevent filter plugin that _I suspect_ provides this functionality. https://www.elastic.co/guide/en/logstash/current/plugins-filters-metaevent.html – Crunch Sep 25 '15 at 22:41
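Since the comments above note that Logstash handles each line as an independent event, one option is to carry the header forward before Logstash reads the file. The following is an added example, not code from this thread: a small Ruby pre-processor that prefixes every process line with the most recent `date` header, so each line is self-contained. The function name `stamp_lines`, the tab separator and the second snapshot in the sample are assumptions made for illustration.

```ruby
# Added example (not from the thread): stamp each line of a periodic
# `date` + `ps` dump with the header timestamp that precedes it.

# Matches `date` output such as "Sun Jul  5 00:04:01 EDT 2015".
HEADER = /\A[A-Z][a-z]{2} [A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} [A-Z]{2,5} \d{4}\z/

# Returns [stamped_lines, orphan_count]. Orphans are data lines seen before
# any header (for example a truncated or rotated file); they are counted
# rather than emitted with a guessed timestamp.
def stamp_lines(lines)
  current = nil
  stamped = []
  orphans = 0
  lines.each do |raw|
    line = raw.rstrip
    next if line.empty?
    if HEADER.match?(line)
      current = line                      # new snapshot starts here
    elsif current
      stamped << "#{current}\t#{line}"    # tab separator is an assumption
    else
      orphans += 1
    end
  end
  [stamped, orphans]
end

# First three lines are from the question; the second snapshot is constructed.
SAMPLE = [
  "Sun Jul  5 00:04:01 EDT 2015",
  "",
  "root         1     0  0.0  0.0   640  10372 Apr20 init [3]         ",
  "root         2     1  0.0  0.0     0      0 Apr20 [migration/0]",
  "Sun Jul  5 00:05:01 EDT 2015",
  "root         1     0  0.0  0.0   640  10372 Apr20 init [3]"
].freeze

if __FILE__ == $PROGRAM_NAME
  # With file arguments, read them; otherwise run on the embedded sample.
  input = ARGV.empty? ? SAMPLE : ARGF.each_line
  stamped, orphans = stamp_lines(input)
  puts stamped
  warn "#{orphans} line(s) had no preceding timestamp" if orphans > 0
end
```

Each output line then carries its own timestamp ahead of the tab, so a per-line filter can extract it without needing state from earlier lines.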

0 Answers