bxb100 · April 17, 2022 04:34
diff --git a/fluent-bit.conf b/fluent-bit.conf
 [SERVICE]
    flush        1
    log_level    info
    parsers_file parsers_multiline.conf

 [INPUT]
    name             tail
    path             /var/log/brewery-monolith.log
    read_from_head   true
    multiline.parser multiline-regex-test
    tag              brewery

 [FILTER]
    Name    grep
    Match   *
    Exclude $log ^\r\n$

 [OUTPUT]
    Name  es
    Match brewery
    Host  es01
    Port  9200
    Index my_index
    Suppress_Type_Name On
    tls On
    tls.verify Off
    HTTP_User elastic
    HTTP_Passwd elastic
diff --git a/parsers_multiline.conf b/parsers_multiline.conf
 [MULTILINE_PARSER]
    name          multiline-regex-test
    type          regex
    flush_timeout 1000
    rule      "start_state"   "/(\d{4}-\d{2}-\d{2}\s\d+\:\d+\:\d+.\d+)(.*)/"  "cont1"
    rule      "cont1"         "/^([\r\n]|\t[a-zA-Z\: \.\]]+)/"                "cont2" 
    rule      "cont2"         "/^(?:\t?[a-zA-Z]|\tat|\t\.\.\.).*/"            "cont2"
	[SERVICE]
	flush 1
	log_level info
	parsers_file parsers_multiline.conf

	[INPUT]
	name tail
	path /var/log/brewery-monolith.log
	read_from_head true
	multiline.parser multiline-regex-test
	tag brewery

	[FILTER]
	Name grep
	Match *
	Exclude $log ^\r\n$

	[OUTPUT]
	Name es
	Match brewery
	Host es01
	Port 9200
	Index my_index
	Suppress_Type_Name On
	tls On
	tls.verify Off
	HTTP_User elastic
	HTTP_Passwd elastic
	[MULTILINE_PARSER]
	name multiline-regex-test
	type regex
	flush_timeout 1000
	rule "start_state" "/(\d{4}-\d{2}-\d{2}\s\d+\:\d+\:\d+.\d+)(.*)/" "cont1"
	rule "cont1" "/^([\r\n]\|\t[a-zA-Z\: \.\]]+)/" "cont2"
	rule "cont2" "/^(?:\t?[a-zA-Z]\|\tat\|\t\.\.\.).*/" "cont2"