Grok

 

Examples

For multiline GREEDYDATA we can use (?m)

input

grok filter

output

However we must to set for filebeat correct pattern. By default filter will to apply to every new line in log-file. To consolidate these lines into a single event in Filebeat by date, use the following multiline configuration:

/etc/filebeat/filebeat.yml