In our application, every message starts with “2019-01-22 16:31:39+0000”, as shown below:
“2019-01-22 16:31:39+0000 [index:query-api] INFO [http-nio-8080-exec-10] [tId:418a017d-ce78-4a76-b2bf-b293ebc6f79f] [rId:6a128d76-3ecc-464b-8c14-d2344d6ca565] [tt:DEMO]{aId=} com.gainsight.service.PostgresAndRedshiftQueryAPIServiceImpl:HAPOSTGRES query built: SELECT t1.accountName AS “t1_AccountName”, t1.recipientEmailAddress AS “t1_RecipientEmailAddress”, t1.sfdcAccountId AS “t1_SfdcAccountId”, t1.gsid AS “t1_Gsid”, t1.participantId AS “t1_ParticipantId”, t1.participantState AS “t1_ParticipantState”, t1.participantSourceName AS “t1_ParticipantSourceName”, t1.failureReasons AS “t1_FailureReasons”, t1.contextAttributeString1 AS “t1_ContextAttributeString1”, t1.contextAttributeString2 AS “t1_ContextAttributeString2”
LIMIT 1000”
But instead of a single message, it displays as three messages in Graylog, as shown in the figure below.
At the client side:
Installed “graylog-sidecar-1.0.0-1.beta.2.x86_64.rpm” and configured the server details, node name and API token in “/etc/graylog/sidecar/sidecar.yml”.
Thank you, Jan Doberstein. It is working fine with the settings below:
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
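
How these three settings group lines, as an added example that is not part of the original thread or of Filebeat's own code: a small Python model of `negate: true` / `match: after` using the pattern above. The sample lines, including the `FROM demo_table t1` line, are constructed for illustration, and Filebeat's line-count and timeout limits are not modelled.

```python
import re

# Pattern taken from the multiline.pattern setting in the thread.
PATTERN = re.compile(r"^[0-9]{4}-[0-9]{2}-[0-9]{2}")


def group_multiline(lines, pattern=PATTERN):
    """Model of multiline.negate: true with multiline.match: after.

    A line that matches the pattern starts a new event; a line that does
    not match is appended after the lines already collected.
    """
    events = []
    current = []
    for line in lines:
        if pattern.search(line):
            # Timestamped line: flush the event collected so far.
            if current:
                events.append("\n".join(current))
            current = [line]
        else:
            # Continuation line (for example the rest of a SQL statement).
            current.append(line)
    if current:
        events.append("\n".join(current))
    return events


# Constructed sample input shaped like the log message in the question.
SAMPLE = [
    '2019-01-22 16:31:39+0000 [index:query-api] INFO query built: '
    'SELECT t1.accountName AS "t1_AccountName"',
    "FROM demo_table t1",
    "LIMIT 1000",
    "2019-01-22 16:31:40+0000 [index:query-api] INFO request finished",
]

if __name__ == "__main__":
    for number, event in enumerate(group_multiline(SAMPLE), 1):
        print(f"--- event {number} ---")
        print(event)
```

Without the multiline settings each of the four sample lines would be shipped as its own message; with them the SQL statement stays attached to the timestamped line that produced it.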