У меня есть filebeat-> ES setup.no logsta sh. У меня есть журналы, как показано ниже:
2020 Feb 11 06:56:30:554 GMT -0500 DEBUG [LogPool$0] com.ZU.digital.utilityservices.logging.Logging - EAI-DEBUG | ProcessOrderStatus.rule: Id - : OrderStatusNotification Payload : <?xml version="1.0" encoding="UTF-8"?>
<ns0:OSN >
ns0:merchantID200142</ns0:merchantID>
ns0:orderCode2003787391047586</ns0:orderCode>
ns0:lastEventCAPTURED</ns0:lastEvent>
ns0:paymentAmount12.90</ns0:paymentAmount>
ns0:paymentCurrencyEUR</ns0:paymentCurrency>
ns0:paymentCreditDebitINDC</ns0:paymentCreditDebitIND>
ns0:additionalData
ns0:data
ns0:name/
ns0:value/
</ns0:data>
</ns0:additionalData>
</ns0:OSN>
2020 Feb 11 06:56:30:554 GMT -0500 DEBUG [LogPool$0] com.ZU.digital.utilityservices.logging.Logging - Masking input XML in maskEntireXml
У меня есть многострочный шаблон:
multiline.pattern: '^[0-9]{4}[[:space:]]'
# Defines if the pattern set under pattern should be negated or not. Default is false.
multiline.negate: true
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
# that was (not) matched before or after or as long as a pattern is not matched based on negate.
# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
multiline.match: after
, но каждая строка обрабатывается как одно событие. Regex протестирован в игре golang и работает нормально. Я хочу журналы как одно событие между датами