[Docs] [Filebeat] Multiline docs should reflect new filestream syntax in 8.x+

[bvader]

The multiline examples in the docs are misleading / confusing as the are for the new filestream syntax and since that is now the default the multiline examples / docs should follow the new standard / syntax

User trying the current docs are very frustrated as the current documented examples just gets ignored ..

https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html

multiline.type: pattern
multiline.pattern: '^\['
multiline.negate: true
multiline.match: after

should be

parsers:
    - multiline:
        type: pattern
        pattern: '^\['
        negate: true
        match: after

[elasticmachine]

Pinging @elastic/obs-docs (Team:Docs)

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[roc-lee]

This is the fact.

[jasonperrone]

By the way, the syntax is not working for me. At all.

- type: filestream
  id: 4
  enabled: true
  paths:
  - /home/jason/logs/catalina*.log
  - /home/jason/logs/localhost.*.log
  prospector.scanner.exclude_files: ['\.gz$','\.swp$']
  fields_under_root: true
  fields:
    pipeline: txgang_uat_catalina_log
    app: TxGang
    service: Tomcat
    instance: TxGang
    channel: Application
  parsers:
    - multiline:
      type: pattern
      pattern: '^\w\w\w\s\d+,\s\d\d\d\d\s\d+:\d+:\d+\s[AP]M'
      negate: true
      match: after

I get the following error from Filebeat: Exiting: Failed to start crawler: starting input failed: error while initializing input: error while parsing multiline parser config: unknown matcher type: accessing 'filebeat.inputs.2.parsers.0.multiline' accessing 'filebeat.inputs.2' (source:'/etc/filebeat/filebeat.yml')

[jasonperrone]

That's 7.17.3, btw.