Multiline grock issue #101
Description
Hi I have a log file which has logs like below
----------- SCAN SUMMARY -----------
Known viruses: 368701
Engine version: 0.103.3
Scanned directories: 8103
Scanned files: 79957
Infected files: 0
Data scanned: 6801.17 MB
Data read: 3763.00 MB (ratio 1.81:1)
Time: 3300.802 sec (55 m 0 s)
Start Date: 2021:12:07 06:22:02
End Date: 2021:12:07 07:17:03
clamscan_exit_code=0; submitted_metrics_count=3; secs_since_last_run=86423.197871; secs_since_last_success=86423.197871
My config looks like this
#
@type tail
tag parsed.clamscan
path /var/log/clamav/clamscan.log
log_category clamscan
pos_file /etc/griffin/pos/clamscan_min.pos
path_key tailed_path
@type multiline_grok
multiline_start_regexp /.SCAN\sSUMMARY./
grok_pattern %{GREEDYDATA:msg}
But because of \n in the start of the log , its not parsing my log
Please advise