Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
onedmgoflthl2016-11-28 21:31:42
elasticsearch
onedmgoflthl, 2016-11-28 21:31:42

Intersecting Multiline lines in different events?

Greetings gentlemen!
Maybe someone came across. The log has blocks of events that begin and end with a key phrase. Roughly speaking, "input" - "events" - "output". Multiline perfectly stitches everything into one event, grok pulls out the necessary data. However, it happens that the "exit" does not have time to occur before a new "entrance" begins. It turns out "input1" - "input2" - "events1 and events2 mixed" - "output1" - "output2". Is it possible to somehow contrive and stitch events not by the phrase "input", but starting from the input and ending with the output? In this case, two events should have intersecting lines.
LS and ES versions 5.0, filebeat transport 5.0.1 Any hints
would be greatly appreciated!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
A
almalm2013-12-09 18:05:59
Timestamp in logstash, elasticsearch, kibana 1Reply
V
Vadim2020-07-21 19:37:20
How to filter Graylog messages in search bar? 1Reply
R
Roman Mirilaczvili2021-11-11 12:57:43
How to import dataset of 30k documents into ElasticSearch? 1Reply
T
Talik2016-04-07 11:04:44
How to organize multiple elastalert commands? 0Reply
L
loly2016-04-11 00:06:55
How to properly create an index in ElasticSearch? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question