I have this raw log output:
[2020-08-07T12:45:33+02:00] 10.8.0.84 ERROR Exception: <log:context>{"exception":"[object] (UnexpectedValueException(code: 0): This is to simulate uncaught exceptions at /home/app1/products/services/lvs-api/releases/2.3.5/src/App/Action/StatusAction.php:29)
[stacktrace]
#0 /home/app1/products/services/lvs-api/releases/2.3.5/vendor/zendframework/zend-expressive/src/Middleware/LazyLoadingMiddleware.php(80): App\\Action\\StatusAction->__invoke(Object(Zend\\Diactoros\\ServerRequest), Object(Zend\\Diactoros\\Response), Object(Closure))
#1 /home/app1/products/services/lvs-api/releases/2.3.5/vendor/zendframework/zend-expressive/src/Middleware/DispatchMiddleware.php(90): Zend\\Expressive\\Middleware\\LazyLoadingMiddleware->process(Object(Zend\\Diactoros\\ServerRequest), Object(Zend\\Stratigility\\Next))
This is the multiline pattern that I use to trap the first line of the message:
^\[\d+|^\d{4}\/\d{2}\/\d{2}
These are the settings for multiline in filebeat:
multiline.pattern: ^\[\d+|^\d{4}\/\d{2}\/\d{2}
multiline.negate: True
multiline.match: after
According to my regex it will trap the line that starts with:
[2020
What is actually happening:
The message is being split up into multiple messages like so:
log message-1: [2020-08-07T12:45:33+02:00] 10.8.0.84 E
log message-2: [stacktrace]
log message-3: #0 /home/app1/pr
log message-4: #1 /home/app1/pr
json output also confirms this.
Can anyone advise how I can fix this?
.