DEVHIDE
Login Or Sign up

Parse multiline logs as a single event in Fluentd

3.2k Views Asked by At

We have EFK implemented on Openshift Container Platform version 4.3.

Issue: Multiline logs such as Java Stack trace, SQL queries are not getting parsed as a single event in Fluentd and because of this we are getting multiple entries in Kibana. We need to parse multiline logs as a single event, so that we get a single entry in Kibana for an exception or SQL query.

openshift fluentd efk
Original Q&A
1

There are 1 best solutions below

0
On

Easy: switch application logging format to json.

Hard: https://docs.fluentd.org/parser/multiline. Usually format_firstline and format1 is enough - everything else is appended until the next format_firstline match.

Related Questions in OPENSHIFT

Related Questions in FLUENTD

Related Questions in EFK

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.