-3

I need the regex syntax for multiline.pattern for my filebeat.yml. Please find attached the log line for which I need the regex syntax.

vladimir
Sourav

1 Answer

0

At first glance this one will be enough:

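filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /path/to/your/app.log  # placeholder: set to your log file
  # https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html
  # A new event starts at a line beginning with a date such as "Jul 03, 2019".
  multiline.pattern: '^.{3} \d{2}, \d{4}'
  # negate: true + match: after: lines that do NOT match the pattern
  # are appended to the preceding line that did match.
  multiline.negate: true
  multiline.match: after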

Log example:

Jul 03, 2019 12:14:05 PM com.splunk
vladimir
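
To check the pattern offline before deploying it, the grouping done by `multiline.negate: true` with `multiline.match: after` can be approximated in a few lines. This Python sketch is an added example, not part of the original answer or Filebeat's own code; `group_events` is a hypothetical helper, and every sample line after the first is constructed. The pattern uses only `^`, `.`, `{n}` and `\d`, which behave the same in Python's `re` and in Filebeat's regex engine.

```python
import re

# multiline.pattern from the answer's filebeat.yml
PATTERN = re.compile(r'^.{3} \d{2}, \d{4}')

# First line is the log example from the page; the rest are constructed.
SAMPLE = [
    "Jul 03, 2019 12:14:05 PM com.splunk",
    "SEVERE: request failed",
    "java.lang.IllegalStateException: example",
    "\tat com.example.Demo.run(Demo.java:42)",
    "Jul 03, 2019 12:14:06 PM com.example.Demo",
    "INFO: retrying",
]


def group_events(lines, pattern=PATTERN):
    """Approximate negate: true + match: after.

    A line that does NOT match the pattern is a continuation and is
    appended to the event opened by the last matching line. Lines seen
    before any match are collected into one leading event (a choice
    made for this sketch).
    """
    events, current = [], []
    for line in lines:
        is_continuation = pattern.search(line) is None
        if is_continuation and current:
            current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events


if __name__ == "__main__":
    for i, event in enumerate(group_events(SAMPLE), 1):
        print(f"--- event {i} ---")
        print(event)
```

Note that the stack-frame line `\tat com...` also begins with three characters followed by a space; it is still treated as a continuation only because the `\d{2}, \d{4}` part fails to match.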