1st | | 2nd | 3rd | 4th | 5th | 6th | 7th | 8th | 2012.07.12 05:31:04 | 10th | ProductDir:C:\ samplefiles \ test \ storage \ 4.0(LF)
C:\ samplefiles \ test \ storage \ 5.0(LF)
SampleDir:(LF)
Note: LF -> a line feed is appended
I tried the following options. Nothing seems to work.
match => [ "message", "(?m)....
(?<message>(.|\r|\n)*)
mutate {gsub => ["message", "\n", "LINE_BREAK"] }
Best answer
(?m)%{GREEDYDATA}
will match any multi-line log, including yours.
Please test it here
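Why the `(?m)` prefix matters, as an added Ruby example (not code from the question or the answer): grok's GREEDYDATA is `.*`, and in the Oniguruma-style regex syntax that grok and Ruby share, `.` only crosses a line feed when `(?m)` is set. The `grok_to_regexp` and `grok_match` helpers, the two-entry pattern table and the sample event are constructed stand-ins, not Logstash code.

```ruby
# Added example: a minimal stand-in for grok pattern expansion (hypothetical
# helpers, not Logstash's implementation). Only the two patterns used here.
GROK_PATTERNS = {
  "GREEDYDATA" => ".*",   # definition from the stock grok pattern set
  "DATA"       => ".*?",
}.freeze

# Expand %{NAME:field} into a named capture and %{NAME} into a plain group.
def grok_to_regexp(grok)
  source = grok.gsub(/%\{(\w+)(?::(\w+))?\}/) do
    body = GROK_PATTERNS.fetch($1)
    $2 ? "(?<#{$2}>#{body})" : "(?:#{body})"
  end
  Regexp.new(source)
end

# Return the named captures for an event, or nil when nothing matches.
def grok_match(grok, event)
  m = grok_to_regexp(grok).match(event)
  m && m.named_captures
end

# Constructed event modelled on the question: one record, three physical lines.
EVENT = "1st | 2nd | 2012.07.12 05:31:04 | 10th | " \
        "ProductDir:C:\\samplefiles\\test\\storage\\4.0\n" \
        "C:\\samplefiles\\test\\storage\\5.0\n" \
        "SampleDir:\n"

SINGLE_LINE = '%{DATA:first} \| %{GREEDYDATA:rest}'
MULTI_LINE  = '(?m)%{DATA:first} \| %{GREEDYDATA:rest}'

without_m = grok_match(SINGLE_LINE, EVENT)
with_m    = grok_match(MULTI_LINE, EVENT)

# Without (?m) the match still succeeds, but the field is cut at the first
# line feed, so the second path and SampleDir never reach the index.
puts "without (?m): #{without_m['rest'].inspect}"
puts "with (?m):    #{with_m['rest'].inspect}"
```

The truncation is silent: the pattern without `(?m)` matches and raises no parse failure, so the missing lines are only noticed when someone looks for them in the indexed field.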
Regarding elasticsearch - Grok pattern for multiline is not working, a similar question can be found on Stack Overflow: https://stackoverflow.com/questions/51317477/