Reply to Message

View discussion in a popup

Replying to:
Cederberg
Enthusiast
Enthusiast

Hi.

To get all the text in to one logevent you need to define a event marker in your filelog config it's right under the directory line in the gui. I see in your screenchot you only had the default ^ in the textbox for event marker and ^ means start of line if i'm not misstaken. So you need to do a regexp for the start of every event. If for example every line starts with the timecode you have in the example you gave you need to match that in event marker. ^\[\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}-\d{2}:\d{2}\] will match lines that starts like this [2020-06-10T15:28:10-04:00] and put everything after that into one log event until the next match.

The parser can then be used to parse the event into fields for filtering.

Hope that helps

Best regards

//Mattias

Reply
0 Kudos