Revert "Special case ansible logs"
This reverts commit 261b07deb6
.
ElasticSearch is erroring with:
Caused by:
org.elasticsearch.common.util.concurrent.UncheckedExecutionException:
org.elasticsearch.common.breaker.CircuitBreakingException:
[FIELDDATA] Data too large, data for [@timestamp]
This is the only recent change to parsing of fields so I think
it must be related. Revert for now until we can debug.
Change-Id: I66bf1669313d9a5a38da40d075c125cdd1cded39
This commit is contained in:
parent
261b07deb6
commit
8e1215bb03
@ -18,9 +18,7 @@ filter {
|
||||
}
|
||||
multiline {
|
||||
negate => true
|
||||
# Special case ansible output here because it likes to go on its own
|
||||
# line without a timestamp but isn't part of a mulitline event.
|
||||
pattern => "(^%{TIMESTAMP_ISO8601} \||^%{WORD}%{SPACE}\|%{SPACE}%{WORD}%{SPACE}\|%{SPACE}rc=%{NUMBER}%{SPACE}>>$)"
|
||||
pattern => "^%{TIMESTAMP_ISO8601} \|"
|
||||
what => "previous"
|
||||
stream_identity => "%{host}.%{filename}"
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user