This post is older than a year. Consider some information might not be accurate anymore.
JBoss Logs contains messages that are spread across over multiple lines. For instance startup messages and exceptions. This post demonstrates how to handle them in logstash and keep them as message part together.
Use the codec multiline in the input section to pack those messages together.
input {
file {
type => "jboss"
path => "/var/log/jboss/log/server.log"
start_position => beginning
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
}
}
}
Every line that doesn’t start with a timestamp, will be assigned to the previous line until a new line is detected.
