Parsing for mixed single and multi line logs +Callenge +Help
I’m trying to build a parser for a connector that gets single-line and multiline logs mixed and I would like to have some help.
Single line format has several formats depending on the beginning of the log and depending these beginnings the log format is different. I solved this Creating a submessage for each beginning and some patterns according every log. This is working fine until I do the multiline part.
XXXX word YYYY with the value:
XXXX and YYYY are a set of well-known values, let’s call them MultiLineStartN. These starts are strings (For example: horse runs, bee flies, cat jump…) which depending of the string, the number of fields of the rest of the log and the mappings change.
Following the simple-line structure, my idea is to add submessages for every beginning and then create the patterns for every case in the proper submessage. I did this creating a multiline regex with multiple ORs but I don’t know if it will work because the tool agent throws the famous “NullPointerException”.
Do we know if the tool can take multiline logs? I tried with a basic multiline regex and just only one multiline log and sometimes it takes and sometimes no so I think I have to try it in a flex connector.
This is how I did it:
multiline.starts.regex=^(MultilineStart1| MultilineStart 2|…)
regex=((SimpleLineStart1| SimpleLineStart2|…|MultilineStart1| MultilineStart2|…).*)
Thanks in advance!