Multi-line
Use the multi-line syntax to match records that span more than one line to patterns in the log that you are monitoring.
Specify the \n
new line character as part of the regular expression to indicate
where the line breaks occur in the monitoring log. See this type of syntax in the following example:
REGEX REMultiLine
Line1:(.*)\nLine2(.*)
msg $1
second_msg $2
END
Note: Specify a
\r\n
carriage return and new line
combination.If the following error messages are reported in the log text, the REMultiLine event is created:
Line1: An error occurred
Line2: The error was "disk error"
The msg
slot is assigned the value of An
error occurred
and the second_msg
slot is
assigned the value of The error was "disk error"
.