Logstash中的以下编解码器配置永远不会检测到新行:
input {
file {
path => "c:\temp\log5.log"
type => "log4net"
codec => multiline {
pattern => "^hello"
negate => true
what => previous
}
}
}
请有人确认我对上述配置的解释是否正确:
如果一行不以文字&#34开头,你好"然后合并那条线 与前一行。相反,如果一行以文本开头 "你好" treat是新日志事件的开始。
使用上面的配置,Logstash从不在我的日志文件中检测到新行,即使我有几行以" hello"开头。任何想法可能是什么问题?
修改
input {
file {
path => "//22.149.166.241/GatewayUnsecure/Log_2016.03.22_22.log"
start_position => "beginning"
type => "log4net"
codec => multiline {
pattern => "^%{YEAR}[/-]%{MONTHNUM}[/-]%{MONTHDAY}"
negate => true
what => previous
}
}
}
记录样本:
2016-03-22 22:00:07,768 [3] INFO AbCap.Cerberus [(null)] - Cerberus 'Cerberus Service Hosting - Unsecure', ('Local'), version 1.0.0.0, host 'WinService' 2016-03-22 22:00:07,783 [7] INFO AbCap.Cerberus [(null)] - Starting 'Cerberus Service Hosting - Unsecure' on JHBDSM020000273 in Local. 2016-03-22 22:00:07,783 [7] DEBUG AbCap.Cerberus [(null)] - Starting: WcfHostWorker 2016-03-22 22:00:07,783 [7] INFO AbCap.Cerberus [(null)] - is opening