Hello together,
I have the problem of pulling some log files which have some extremly long log entries.
While the first lines do contain useful informations i want to throw anything which comes after those away and not saving them into the DB.
Is there any way to limit the multiline plugin by the lines it pulls?
This is my current input item:
[[inputs.tail]]
files = ["{{ installation_dir }}//logs/{{ root_contexts[app] }}.log"]
name_override = "log_{{ root_contexts[app] }}"
from_beginning = true
data_format = "grok"
grok_patterns = ['(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND},%{INT}%{DATA:timezone}) \[%{DATA:container_info}\]\s+%{LOGLEVEL:loglevel}\s+%{DATA:classname}\s+-\s+%{GREEDYDATA:message}']
grok_custom_patterns = '''
'''
path_tag = ""
watch_method = "inotify"
[inputs.tail.multiline]
pattern = '^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:,\d{3})?(?:\+\d{4}|Z)'
invert_match = true
match_which_line = "previous"