Don't parse the text logs. Just set up Logtash to consume from a queue bound to the amq.rabbitmq.log exchange.
filter {
if [type] == "rabbitmq" {
codec => multiline {
pattern => "^="
negate => true
what => "previous"
}
Codecs are specified for inputs. You can't list a codec in the filter block.