Configuring multiline support for the Logging agent for Windows

Grouping of multiline logs by the IBM® Cloud Logs Logging agent from non-orchestrated environments (for example, Windows) is configured similar to that of orchestrated environments. The changes include the parsing required to group log lines that are supposed to be together as a single log record.

If you're running the Logging agent in a non-orchestrated environment (such as a standalone VM or bare-metal server), you do not need to apply multiline parsers using a separate filter or preprocessor.

Instead, you can directly specify your multiline parsers in the [INPUT] section of the inputs.conf file. This is simpler and sufficient.

For example:

[INPUT]
      Name              tail
      Tag               *
      Path              /var/log/*.log
      Path_Key          file
      Exclude_Path      /var/log/audit.log
      DB                /var/lib/fluent-bit/fluent-bit.DB
      Buffer_Chunk_Size 32KB
      Buffer_Max_Size   256KB
      Multiline.parser  go,multiline-java-example,multiline-nodejs-winston
      Skip_Long_Lines   On
      Refresh_Interval  10
      storage.type      filesystem
      storage.pause_on_chunks_overlimit on

Multiple multiline parsers are specified in Multiline.parser as a comma-separated list. The agent will try each parser in the order provided until one matches. This is useful when your system hosts applications with different logging formats (for example, Go, Java, Node.js).