K
Q

Filebeat autodiscover multi-line logs on Kubernetes

5/30/2020

I am new to Kubernetes and Filebeat, but I am trying to modify our ELK stack running on Kubernetes sot that it picks up multiline logs from spring boot java applications. Here is the original configuration.

filebeat.autodiscover:
      providers:
        - type: kubernetes
          hints.enabled: true

Here is the configuration that I tried. I tried to pick up lines that did not start with a date as being part of the line under them, but the Filebeat does not appear to be registering this config.

filebeat.autodiscover:
      providers:
        - type: kubernetes
          hints.enabled: true
          templates:
            - condition:
                contains:
                  kubernetes.namespace: "mynamespace"
              conifg:
                multiline.pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2}'
                multiline.negate: true
                multiline.match: after

I am sure it is something obvious that I am missing, but does anyone know what I am doing wrong with the config?

-- Evan Snapp
elk
filebeat
kubernetes
logstash

Similar Questions

Spring Boot and Kubernetes Mutual SSL
Environment Variable error while initializing kubernetes
kubernetes pending pod priority
Difficulties creating a SSL web service on GKE

0 Answers