We are trying to replace custom log parsing performed via Filebeat + Logstash by using the Elastic Agent + Fleet. We built and tested the Ingest Pipeline successfully, and set up the Fleet infrastructure. Reading the log file works okay, but the problem is that log entries are multiline:
The grok pattern in our Pipeline acknowledges that, but the Custom Logs integration doesn't seem to like it. We followed all steps from the support article (Ingest pipelines | Elasticsearch Guide [8.3] | Elastic), but when we add any entries to the Custom configurations section of the integration policy, the agent stops parsing logs:
Here are the errors from the agent logs:
Can someone please help me understand how multiline logs can be ingested via Elastic Agent?