
Logstash filter with more than one matcher


I want to define a logstash filter with more than one matcher, because in one .log file there is more than one type of logged message. As I checked, if I have one logfile and I define several separate filters, then just the first filter runs on the row.


Solution

  • You can use a grok filter with multiple patterns, or you can use if statements to conditionally parse.

    To use multiple patterns, you'd just list them on the grok:

    grok {
      match => [ "message", 
         "Error on line (?<line>\d+)",
         "Exception in (?<place>\d+)",
         "Something else"
      ]
    }

    Logstash will evaluate them in order and stop when one of them matches (or give you a tag of _grokparsefailure if none match).

    The other thing you can do is conditional evaluation:

    if [message] =~ /Some pattern/ {
       grok {
         match => ['message','Some pattern of (?<number>\d+) stuff']
       }
    } else if [message] =~ /Some other pattern/ {
      ...
    }
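Both approaches from the answer combined into one complete pipeline, as an added example (not from the original post): a conditional branch for lines with a fixed prefix, a single grok with an ordered pattern list for everything else, and explicit handling of lines that match nothing. The file paths, the `AUDIT` line format and the field names are assumptions.

```logstash
input {
  file {
    path => "/var/log/app/app.log"      # hypothetical path
    start_position => "beginning"
  }
}

filter {
  # Branch 1: lines with their own fixed prefix get a dedicated grok.
  if [message] =~ /^AUDIT / {
    grok {
      match => { "message" => "^AUDIT user=%{USERNAME:user} action=%{WORD:action}" }
      add_tag => ["audit"]
    }
  } else {
    # Branch 2: one grok, several patterns. They are tried in order and the
    # first match wins (break_on_match defaults to true), so put the most
    # specific pattern first and any catch-all last.
    grok {
      match => {
        "message" => [
          "Error on line %{NUMBER:line:int}",
          "Exception in %{NUMBER:place:int}",
          "Something else"
        ]
      }
      tag_on_failure => ["_grokparsefailure"]
    }
  }

  # Lines that matched nothing are marked rather than silently passed through,
  # so gaps in parsing (and log formats you did not anticipate) stay visible.
  if "_grokparsefailure" in [tags] {
    mutate { add_field => { "parse_status" => "unparsed" } }
  }
}

output {
  if "_grokparsefailure" in [tags] {
    file { path => "/var/log/logstash/unparsed.log" }   # hypothetical path
  } else {
    stdout { codec => rubydebug }
  }
}
```

Watching the unparsed file after a deployment is a quick check that a new message type has not been dropped from your parsed events.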