I want stack dumps in a log file sent as a single event to a collector.
From the user manual:
Finally, this example tails a file and uses the regex "\n\d\d\d\d" as a delimiter and appends the delimiter to the next event. This could be used to gather lines from a stack dump in a log file that starts with four digits (like a year from a date stamp).
The output using the configuration above includes the entire delimiter, including the newline. However, I want the date stamp part of the delimiter to be included in the output, but the newline part of the delimiter to be excluded from the output. Perhaps the delim and delimMode properties could be enhanced to allow users to include or exclude parts of the delimiter based on matching groups in the regex.