Multiline not working as expected
Tags:
I am trying to use multiline to ship a log file. Here is my config:
<Extension log>
Module xm_multiline
HeaderLine /^\---Begin event transaction---/
EndLine /^\---Event Reporting Complete---/
</Extension>
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_file
File "C:\\Users\\Administrator\\Desktop\\log.txt"
SavePos FALSE
ReadFromLast FALSE
Exec to_json();
</Input>
<Output out>
Module om_tcp
Host (server)
Port 5010
</Output>
<Route>
Path in => out
</Route>
I have blank entries in my database; 1 blank entry for each line that should be a part of the multiline (37 in one case).
Any help would be appreciated.
Thanks,
#1
Deleted user
I am trying to use multiline to ship a log file. Here is my config:
<Extension log>
Module xm_multiline
HeaderLine /^\---Begin event transaction---/
EndLine /^\---Event Reporting Complete---/
</Extension>
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_file
File "C:\\Users\\Administrator\\Desktop\\log.txt"
SavePos FALSE
ReadFromLast FALSE
Exec to_json();
</Input>
<Output out>
Module om_tcp
Host (server)
Port 5010
</Output>
<Route>
Path in => out
</Route>
I have blank entries in my database; 1 blank entry for each line that should be a part of the multiline (37 in one case).
Any help would be appreciated.
Thanks,
Not sure if this helps, but the input file is a plain text file.
