Docker logstash-5.x gelf输入多行编解码器不'；行不通_Docker_Logstash_Logstash Configuration_Gelf

Docker logstash-5.x gelf输入多行编解码器不'；行不通

docker logstash

Docker logstash-5.x gelf输入多行编解码器不'；行不通,docker,logstash,logstash-configuration,gelf,Docker,Logstash,Logstash Configuration,Gelf,我有一个简单而直接的配置，我不确定我在尝试让这个多行工作时做错了什么 input { gelf { codec => multiline { pattern => "^%{TIMESTAMP_ISO8601} " negate => true what => "previous" } } } filter {} output { # I ha

我有一个简单而直接的配置，我不确定我在尝试让这个多行工作时做错了什么

input {
    gelf {
        codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601} "
            negate => true
            what => "previous"
        }
    }
}

filter {}

output {
    # I have the relevant ES hosts & index here
    elasticsearch { }
    stdout {
        codec => rubydebug
    }
}

我正在测试它，如下所示，我得到了单行，多行标记没有被添加，我在logstash调试日志中看到它，事件一个接一个地通过过滤器

docker run -it --log-driver gelf --log-opt gelf-address=udp://127.0.0.1:12201 \
    --log-opt tag=mline-test python:alpine \
    python -c 'print("[2017-10-18 00:00:00,000] Hello world");assert False'

我用logstash版本5.5.2和5.6.3=>elasticsearch 5.5测试了这一点
我安装了logstash多行编解码器
我知道我可以通过logstash2.4中的（现在已删除）多行过滤器来实现这一点

我发现在gelf输入插件中忽略了编解码器：

这意味着使用gelf的唯一多行选项是使用logstash-2.4并获得单线程性能

Settings: Default pipeline workers: 4
Defaulting pipeline worker threads to 1 because there are some filters that might not work with multiple worker threads {:count_was=>4, :filters=>["multiline"], :level=>:warn}
Pipeline main started