You can handle that in your configuration here are the docs from Elasticsearch on filebeat->multiline
I found a random example of the multiline commands being used here… that post doesn’t solve the problem is is just an example of multiline processing in the sidecar configuration.