Yeah, that does make it hard because I don't have a lot of control and there's quite a variety of logging formats. That said, perhaps the 80/20 rule just has to apply here. Thank you for your help! ... View more

Thanks for the explanation, links, and examples, Ilya! If I take a look at the events we're recording across various containers, it's clear that they don't use a common log format. Some dates are formatted 2022-07-13T19:55:23.884Z where others are 2022/07/13 19:55, and yet others are 13 July 2022, 19:55. Some containers (perhaps HAProxy or NGINX) start with the client's IP address, followed by a date in square braces. Other log files I've found simply have no date! We have a number of dev teams deploying to the cluster, and it's impossible at this stage to make them to use the same log format so that the regex would always match. Have you standardized your logging format across containers - or am I missing something here? Please tell me that I'm missing something. 😉 ... View more

Hi @ifeldshteyn, did you ever manage to find a solution to this? I'd really like for fluentd to handle multiline events in Rancher. The way it's working now, an event per line, is rather painful. ... View more