So, I have an issue with JDE logs. They rotate whenever the log file gets to ~5 Megabytes. The issue that I am having, is that I am using multiline to gather the log files. What is happening however, is that the multiline may in fact span multiple files as the multiline output may not be in the one file.
Example of a multiline entry, separated by date
Jul 22, 2024 1:05:01 PM fff fixQuotesAroundSoapAction
INFO: Received HTTP Header:
[BSSVLoginModule : initialize]
log in returned successfully from BSSVWLSLoginModule
[BSSVLoginModule : initialize]
log in returned successfully from BSSVWLSLoginModule
However, what I am seeing, is that intermittently, I will get this
file.0001
Jul 22, 2024 1:05:01 PM fff fixQuotesAroundSoapAction
INFO: Received HTTP Header:
[BSSVLoginModule : initialize]
log in returned successfully from BSSVWLSLoginModule
file.0002
[BSSVLoginModule : initialize]
log in returned successfully from BSSVWLSLoginModule
Jul 22, 2024 1:06:01 PM hhh fixQuotesAroundSoapAction
What results is a _grokparsefailures due to incorrect log format.
Is there any way to make Elastic Agent continue reading multiline across files?