Hi,
I have a log like this:
2018-08-03 xxx
# yyy
# yyy
# yyy
2018-08-03 xxx
I need help with filebeat demultilining this log. I need all events starting with a number in a single line, but I need all lines from a block starting with # in one event.
My problem is that all multiline mechanics of filebeat will use one of the lines with the timestamp as first or last line of the multiline event. This is not what I need. In fact, lines starting with a timestamp and logs starting with # should, in my opinion, be put into different logfiles but I won't be able to change it.
Can anyone give me a hint? Am I just blind or is this really not possible with the current options.