Is it possible to have Logstash process the events generated from a split?
For example, given the following:
2022-09-06 23:39:01.034+0000 INFO [my.java.class] Process started \n
some lines \n
some more lines \n
process is fined \n
Using multiline, the above is combined into a single event. Multiline is also used because Java stack traces need to be handled.
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => true
      what => previous
      # Some logs contain a large amount of multiline data
      max_lines => 2000
    }
Then I can split the above event into smaller events:
    split {
      field => "message"
    }
This will generate four events, one per line in the original. I then wanted to process these events further. Is this possible?
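
The pipeline described in the question, written out as an added example that is not part of the original post: filters placed after `split` in the same `filter` block run on each event that `split` emits, and fields set before the split are copied onto every one of them. The file path, the field names `log_ts`, `level` and `logger`, and the tag `stack_frame` are assumptions made for illustration.

```logstash
input {
  file {
    # Assumed path, not taken from the post
    path => "/var/log/example/app.log"
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => true
      what => "previous"
      max_lines => 2000
    }
  }
}

filter {
  # Runs once on the combined event: parse the header line so the
  # timestamp, level and logger are inherited by every split event.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:log_ts} %{LOGLEVEL:level} +\[%{DATA:logger}\] "
    }
  }

  # The multiline codec joins lines with "\n", which is also the
  # default terminator of the split filter.
  split {
    field => "message"
  }

  # Everything below runs once per event produced by split.
  mutate {
    strip => ["message"]
  }

  if [message] == "" {
    drop { }
  }

  # Mark Java stack frames so they can be routed or counted separately.
  if [message] =~ /^at / {
    mutate {
      add_tag => ["stack_frame"]
    }
  }
}
```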