Multiline Parsing Options in Helm chart

[mskhor]

Is there an option to have multiline parsing with a default format at collector level? Collector should process logs in a default format while sending to sumo something like https://github.com/fluent/helm-charts/blob/main/charts/fluent-bit/values.yaml#L428

Our applications use different format for logs and saw a possible solution here by having multiple condition for regex https://help.sumologic.com/docs/send-data/kubernetes/collecting-logs/#multiline-log-parsing

While this is a solution, we need to have multiple condition for different apps.

[jagan2221]

@mskhor To be able to define multiple condition for different apps, we can use conditional multi-line parsing as mentioned in below doc.

https://help.sumologic.com/docs/send-data/kubernetes/collecting-logs/#multiline-log-parsing

Assuming multiple apps you say are apps containerized(say nginx for example), if this is not the case, please share your use case. example: sumologic: logs: multiline: enabled: true first_line_regex: "^\[?\d{4}-\d{1,2}-\d{1,2}.\d{2}:\d{2}:\d{2}" additional:

• first_line_regex: "^@@@@ First Line" condition: 'attributes[**"k8s.container.name"]= "mynginx***"'