Revert "Special case ansible logs"

This reverts commit 261b07deb6.

ElasticSearch is erroring with:
Caused by:
org.elasticsearch.common.util.concurrent.UncheckedExecutionException:
org.elasticsearch.common.breaker.CircuitBreakingException:
[FIELDDATA] Data too large, data for [@timestamp]

This is the only recent change to parsing of fields so I think
it must be related. Revert for now until we can debug.

Change-Id: I66bf1669313d9a5a38da40d075c125cdd1cded39
This commit is contained in:
Clark Boylan 2015-11-12 20:33:59 +00:00
parent 261b07deb6
commit 8e1215bb03

View File

@ -18,9 +18,7 @@ filter {
}
multiline {
negate => true
# Special case ansible output here because it likes to go on its own
# line without a timestamp but isn't part of a mulitline event.
pattern => "(^%{TIMESTAMP_ISO8601} \||^%{WORD}%{SPACE}\|%{SPACE}%{WORD}%{SPACE}\|%{SPACE}rc=%{NUMBER}%{SPACE}>>$)"
pattern => "^%{TIMESTAMP_ISO8601} \|"
what => "previous"
stream_identity => "%{host}.%{filename}"
}