linux
Jolt, 2020-10-22 22:59:14

Why are messages cut line by line in Kibana?

There are several microservices.
They all write logs to ELK through the logging mechanism built into Docker, configured in docker-compose like this:

logging:
  driver: "syslog"
  options:
    syslog-address: "udp://192.168...."
    tag: "$HOSTNAME {{.ImageName}} {{.Name}} "


But in Kibana, each message is divided into lines (that is, in each Kibana message, the message field only goes up to the end of the line; the rest of the lines have to be searched for with different filters).

Where did I do something wrong? :)


2 answer(s)
Saboteur, 2020-10-23
@Jolt

Kibana does not cut or break anything at all.
How you put strings in elastic is how they are stored there.
It is necessary to parse them with something along the way, combine multiline messages and send them to the elastic as a single message. This is what Logstash does, for example. Or you need to see what your built-in logging mechanism can do; maybe there are settings for multiline.

mayton2019, 2020-10-23
@mayton2019

Make an additional appender that writes in JSON format and set up Kibana for these files. And then the multiline problem will be solved.
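
The JSON-appender suggestion above, sketched in Python as an added example that is not part of the original thread: Docker's logging drivers forward each line of container output as a separate message, so writing one JSON object per event keeps multi-line text and tracebacks in a single syslog message. The Python service, the logger name `orders` and the field names are assumptions.

```python
import io
import json
import logging
import sys


class JsonLineFormatter(logging.Formatter):
    """Render every record as one JSON object on one physical line."""

    def format(self, record):
        event = {
            "ts": self.formatTime(record),
            "level": record.levelname,
            "logger": record.name,
            "message": record.getMessage(),
        }
        if record.exc_info:
            # Keep the traceback inside the same event.
            event["stack"] = self.formatException(record.exc_info)
        # json.dumps escapes control characters ("\n" becomes the two
        # characters backslash-n), so no raw line break reaches stdout.
        return json.dumps(event)


def build_logger(name="orders", stream=None):
    """Return a logger writing JSON lines to stdout (or to `stream`)."""
    handler = logging.StreamHandler(stream if stream is not None else sys.stdout)
    handler.setFormatter(JsonLineFormatter())
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger


def demo_lines():
    """Log constructed multi-line events; return the physical lines emitted."""
    buf = io.StringIO()
    log = build_logger(stream=buf)
    log.info("request body:\nline one\nline two")
    try:
        int("not-a-number")
    except ValueError:
        log.exception("parse failed")
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for line in demo_lines():
        print(line)
```

On the ELK side the message field then has to be decoded as JSON, for example with Logstash's json filter. Because line breaks inside logged values are escaped, user-controlled input also cannot start a forged log line.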
