In the multiline documentation the setting "pattern" is a string and it's not possible to put an array of patterns, but I have a really hard logfile to parse and I need to do something similar.
I have two type of logs in the SAME FILE and sometimes they are on multiple lines as following :
2016-02-16 17:25:35,241 foo foo foo foo
foo foo foo foo
foo foo foo foo
foo foo foo foo
foo foo foo foo
Wed Feb 17 09:59:28 CET 2016 foo foo foo foo
foo foo foo foo
foo foo foo foo
foo foo foo foo
I tried to do two multiline or something as following but without sucess :
multiline{
pattern => "((^%{TIMESTAMP_ISO8601}%{SPACE})|(^%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{WORD} %{YEAR}))"
what => "previous"
negate => true
}
How can I do a multiline codec matching my logs on multiple lines ?
Thanks
