I would like to monitor a directory, where per event a file is written; each event-file consists of several key=value pairs.
> /var/log/dir/history.*
> head /var/log/dir/history.1234
key1 = value1
key2 = value2
...
I put the kv filter plugin on the files and in principle it parses the key-value pairs. But I have not managed to read the input as some kind of multiline, i.e., I need to conflate each file into one event.
Since the multiline input requires a pattern to match as it goes forward/backward from the match, I am not sure how to formulate a rule for the "whole" file (since the regexp needs some character pattern, or?).
Because I have to consider the whole file as one event, I have no real regex or so to match.
Is there maybe something other than multiline or so that I can use as an input plugin (or tell multiline to match on fopen/fclose?)
Cheers and thanks for any ideas,
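
One way to get one event per file, as an added example that is not part of the original post: it assumes the pipeline is Logstash with the file input, the multiline codec and the kv filter. The sentinel pattern and the two `/var/lib/logstash/` paths are constructed placeholders; the watched path is the one from the post.

```logstash
input {
  file {
    path => "/var/log/dir/history.*"
    mode => "read"                    # read each file once, from start to EOF
    # read mode deletes finished files by default; record them in a log instead
    file_completed_action => "log"
    file_completed_log_path => "/var/lib/logstash/history_done.log"  # hypothetical path
    sincedb_path => "/var/lib/logstash/history.sincedb"              # hypothetical path
    codec => multiline {
      # Constructed sentinel that no line is expected to contain. With
      # negate => true every non-matching line is appended to the previous
      # one, so all lines of a file collapse into a single event.
      pattern => "^__NEVER_MATCHES__$"
      negate => true
      what => "previous"
      auto_flush_interval => 2        # seconds without new lines before the event is emitted
      max_lines => 5000               # the default of 500 would split longer files
    }
  }
}

filter {
  kv {
    source => "message"               # the joined lines of one file
    field_split_pattern => "\n"       # regex: one key = value pair per line
    value_split => "="
    trim_key => " "                   # strip the spaces around "key = value"
    trim_value => " "
  }
}
```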