Hi all, i'm trying to build a logstash.conf file for the following type of log files.
Below is excerpt of an two events:
----Event 1----
Exception at 21 May 2017
(tab)Module: 6764
(tab)Level: Abort
(tab)Code: 83hdjwuyeb68g
XmlDescription: None
----End----
----Event 2----
Exception at 20 May 2017
(tab)Module: 682
(tab)Level: Abort
(tab)Code: 683hhshvaaj67
Responsible configuration:
(tab)Global template: 107
(tab)Xml Description: None
----End-----
Both events appear in the same log, currently im using multiline with pattern ^\t and what previous.
But the issue is for the second event, the line one Responsible configuration does not have a tab.
Wondering if it's possible to use start with Exception as the start of a new event??
If yes, how? I have tried ^E but doesn't seem to work.
If no, anyone have any ideas on how i can do it?
Thanks