Below is my config file:
filter {
if [type] == "syslog" {
multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
max_age => 7
add_tag => [ "multiline" ] }
grok {
break_on_match => false
match => { "message" => "%{TIMESTAMP_ISO8601:logTime} %{LOGLEVEL:LogLevel} \[%{NOTSPACE:logClass}\] %{GREEDYDATA:LogMsg}" }
match => ["message", "(.*Caused by: +%{GREEDYDATA:causedBy}$)?"]
}
date {
match => [ "logTime" , "yyyyMMdd-HH:mm:ss.SSSZ", "ISO8601" ]
timezone => "UTC"
}
}
}
My logs :
2014-01-29 11:06:48,384 ERROR [de.Fm.Radium.Thorium.server.bean3.vollinfo.VollinfoTransformer] A sequence of more than one item is not allowed as the third argument of c$
net.sf.saxon.trans.DynamicError: A sequence of more than one item is not allowed as the third argument of concat()
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:71)
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:71)
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:71)
Caused by: com.amazonaws.AmazonClientException: Unable to calculate a request signature: Empty key
at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:776)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:170)
Caused by: com.amazonaws.AmazonClientException: Unable to calculate a request signature: Empty key
at com.amazonaws.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:90)
at com.amazonaws.auth.AbstractAWSSigner.signAndBase64Encode(AbstractAWSSigner.java:68)
2014-01-29 11:06:48,383 ERROR [stderr] XPTY0004: A sequence of more than one item is not allowed as the third argument of concat()
What I need to capture is the whole line starting with 'Caused by' up to the line break. My Problem is ,I captur just the last one (Caused by)