Multiline Codec stacking logs from different sources

Hi there guys,

We are using a logging framework in which a multitude of different servers write their logs to a kafka topic with two partitions, and then two instances of logstash on different VM's read from that topic using the logstash-kafka input and a multiline codec.

We have noticed an extremely strange case where we thought we were losing logs, but in fact discovered that some of our logs from one server were being appended to logs from another server. What could cause this?? Our kafka topic has two partitions, and we have two consumers with one thread each, which I believe is the recommended balance of consumers vs. partitions.

On another front, doesn't the multiline codec have a concept of stream identity?? Why would rows from two different servers/sources ever come into contact with each other?? Is there a setting I can change to make sure they do not??

Any help appreciated this issue is really putting us into a weird spot.


Moved to Logstash