Multiline

The Multiline Filter helps to concatenate messages that originally belong to one context but were split across multiple records or log lines. Common examples are stack traces or applications that print logs in multiple lines.

As part of the built-in functionality, without major configuration effort, you can enable one of ours built-in parsers with auto detection and multi format support:

• python
• ruby

Some comments about this filter:

• The usage of this filter depends on a previous configuration of a Multiline Parser definition.
• If you aim to concatenate messages split originally by Docker or CRI container engines, we recommend doing the concatenation on , this same functionality exists there.

The plugin supports the following configuration parameters:

Configuration Example

{% hint style=”info” %} The following example files can be located at:

{% endhint %}

Example files content:

{% tabs %} {% tab title=”fluent-bit.conf” %} This is the primary Fluent Bit configuration file. It includes the and tails the file test.log by applying the multiline parsers and go. Then it sends the processing to the standard output.

{% tab title=”parsers_multiline.conf” %} This second file defines a multiline parser for the example. Note that a second multiline parser called is used in fluent-bit.conf, but this one is a built-in parser.

{% endtab %}

{% tab title=”test.log” %} An example file with multiline and multiformat content:

{% endtab %} {% endtabs %}

The lines that did not match a pattern are not considered as part of the multiline message, while the ones that matched the rules were concatenated properly.