fluent-plugin-grok-parser

Multiline grok issue

Open saroj617 opened this issue 3 years ago • 0 comments

Hi, I have a log file which has logs like below:

```
----------- SCAN SUMMARY -----------
Known viruses: 368701
Engine version: 0.103.3
Scanned directories: 8103
Scanned files: 79957
Infected files: 0
Data scanned: 6801.17 MB
Data read: 3763.00 MB (ratio 1.81:1)
Time: 3300.802 sec (55 m 0 s)
Start Date: 2021:12:07 06:22:02
End Date: 2021:12:07 07:17:03
clamscan_exit_code=0; submitted_metrics_count=3; secs_since_last_run=86423.197871; secs_since_last_success=86423.197871
```


My config looks like this:

```
#
<source>
  @type tail
  tag parsed.clamscan
  path /var/log/clamav/clamscan.log
  log_category clamscan
  pos_file /etc/griffin/pos/clamscan_min.pos
  path_key tailed_path
  <parse>
    @type multiline_grok
    multiline_start_regexp /.SCAN\sSUMMARY./
    grok_pattern %{GREEDYDATA:msg}
  </parse>
</source>
```

But because of `\n` in the start of the log, it's not parsing my log. Please advise.

saroj617 Feb 03 '22 11:02