Docs/ELK/Logstash多行合并.md

用于错误等多行日志输出为同一事件

https://www.elastic.co/guide/en/logstash/current/plugins-codecs-multiline.html

input {
  ...
  codec => mutiline {
    pattern => ""  ## 正则匹配，哪些数据为一行
    negate => "true" or "false"
    what => "previous" or "next"
  }
  ...
}