1. Proposed title of this feature request

Process multiline logs (written by a pod on stdout) as single log events

2. What is the nature and description of the request?

Consider a pod producing the following log output:   

    <code>
    This is our first log event with only a single line
    This is a longer log event
        which spans 2 lines
    This is an event longer event
        which has a second,
        but also a third,
        and even a fourth line
    </code>

 With the normal fluentd log collector, each line would be taken as a single event, resulting in 7 log events being send to the log output (logstash in our case).

 The request is a new sort of config option, which allows to define some sort of a multiline pattern (e.g. with a regex), describing which log line is not a new event, but instead belongs to the line before it. In the example above, we could then define: „Each log line starting with 4 whitespace characters belongs to he line before it“, or in pseudo code:

    multiline.pattern: ‘\s{4}‘

With this config, fluentd should only create 3 events:

    1st event:
    “This is our first log event with only a single line“

    2nd event:
    “This is a longer log event
    which spans 2 lines“

     3rd event:
    “This is an event longer event
    which has a second,
    but also a third,
    and even a fourth line“

3. Why does the customer need this? (List the business requirements here)

Without the possibility to join multiple log lines to a single log event, it’s hard to see corresponding log lines together in a single view, which makes it harder to work with them.

4. List any affected packages or components.
Openshift Logging, fluentd