multiline pattern for cloudwatch adapter #10
Description
I am trying to push logs to cloudwatch from docker swarm container logs. I have been successful in pushing the logs to cloud watch. I am using the below configuration.
version: "3"
services:
logspout:
image: mdsol/logspout
volumes:
- "/var/run/docker.sock:/tmp/docker.sock"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
env_file:
- ./.env
environment:
- LOGSPOUT=ignore
- LOGSPOUT_GROUP={{"{{.Lbl "com.docker.swarm.service.name"}}"}}-${HOSTNAME}
- MULTILINE_MATCH=last
- MULTILINE_PATTERN="Sep 10, 2019 1:14:33 PM"
command: 'cloudwatch://us-east-1?DEBUG=1&NOEC2&DELAY=2'
However the issue i am facing is MULTILINE_PATTERN and MATCH is being ignored by the adapter . My logs are timestamp based and each log entry starts on a new line.
So without the MULTILINE_PATTERN i am seeing each line as a separate entry in cloudwatch logs , not grouped by timestamp.
I would like to group the entries by timestamp , so entries in the log file logged with same timestamp appear as one in row within cloudwatch log streams.
Has anybody tried this and made it working .