We have a problem with the multiline config of splunk-otel-collector. I tested our regex to find stack traces with regex101 and it works just fine there. However, our logs are still being split into several logs. I can think of a problem with the wildcards we have set for namespaces, pods and containers. Does anyone have an idea what I can look into to resolve this?
Goal: Don't split logs that start with leading whitespace or "Caused by"
multilineConfigs:
  - namespaceName:
      value: .*
    podName:
      value: .*
      useRegexp: true
    containerName:
      value: .*
    firstEntryRegex: ^(?:\s|Caused by)
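
An added example, not part of the original post and not the collector's own code: a simplified Python model of line recombination, assuming (as the key name suggests) that a line matching firstEntryRegex opens a new log entry and every other line is appended to the current one. The sample lines, the `recombine` helper and the timestamp-based `ENTRY_START` pattern are constructed for illustration.

```python
import re

# Constructed sample: one error event with a stack trace, then one info event.
SAMPLE = [
    "2024-01-01 12:00:00 ERROR java.lang.IllegalStateException: boom",
    "\tat com.example.Service.run(Service.java:42)",
    "Caused by: java.io.IOException: disk full",
    "\tat com.example.Disk.write(Disk.java:7)",
    "2024-01-01 12:00:01 INFO request ok",
]

# The pattern from the post: it matches continuation lines.
POSTED = r"^(?:\s|Caused by)"
# Assumed alternative: describe how an entry *starts* (here a date prefix).
# Written without lookahead so it is also valid in Go's regexp syntax.
ENTRY_START = r"^\d{4}-\d{2}-\d{2} "


def recombine(lines, first_entry_regex):
    """Group lines into entries under the assumed semantics:
    a matching line starts a new entry, a non-matching line is appended."""
    pattern = re.compile(first_entry_regex)
    entries = []
    for line in lines:
        if pattern.search(line) or not entries:
            entries.append([line])       # first line of a new entry
        else:
            entries[-1].append(line)     # continuation of the current entry
    return ["\n".join(entry) for entry in entries]


if __name__ == "__main__":
    for name, regex in (("posted", POSTED), ("entry-start", ENTRY_START)):
        result = recombine(SAMPLE, regex)
        print(f"{name}: {len(result)} entries")
        for entry in result:
            print("  " + repr(entry))
```

Under this model a pattern that matches continuation lines splits every stack frame into its own entry and glues the next event onto the last frame, while a pattern that matches the start of an event keeps the trace together.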