Multiline events not parsed correctly

We are trying to replace custom log parsing performed via Filebeat + Logstash by using the Elastic Agent + Fleet. We built and tested the Ingest Pipeline successfully, and set up the Fleet infrastructure. Reading the log file works okay, but the problem is that log entries are multiline:

The grok pattern in our Pipeline acknowledges that, but the Custom Logs integration doesn't seem to like it. We followed all steps from the support article (Ingest pipelines | Elasticsearch Guide [8.3] | Elastic), but when we add any entries to the Custom configurations section of the integration policy, the agent stops parsing logs:


Here are the errors from the agent logs:

Can someone please help me understand how multiline logs can be ingested via Elastic Agent?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.