I would like to improve the MSSQL module in filebeats so that that the multiline messages in the SQL log maps into an ECS structure.
The multiline messages that I am looking at always has 'Error:' in the messsage.
What would the recommendation for this be, should I build a multiline filter, or should I build a js script like the ones used in the winlogbeats?
Cheers