sflanders
Commander
Commander

Thanks for the info and bug ID! As an FYI from the Log Insight 1.0 release notes:

Multi-line messages that are sent to Log Insight though syslog from ESXi hosts and other applications are split incorrectly

By default, the syslog protocol supports only single line messages, so each line of a multi-line message is sent as a separate message. This creates problems with field extractions, aggregation, and analysis of multi-line messages.

Workaround: None

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos