ELK~fluentd和logback多行文本避免折断

fluentd的配置

<source>
    type tail
    path "/var/log/*.log"
    pos_file "/var/log/*.log.pos"
    tag "test"
    refresh_interval 120
    format multiline
    format_firstline /\d{4}-\d{1,2}-\d{1,2}/
    format1 /^(?<access_time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}) (?<application>[^ ]*) \[(?<app_thread>.*)\] (?<level>[^ ]*) (?<message>.*)/
    <parse>
      format_firstline /\d{4}-\d{1,2}-\d{1,2}/
      @type multiline
      format1 /^(?<access_time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}) (?<application>[^ ]*) \[(?<app_thread>.*)\] (?<level>[^ ]*) (?<message>.*)/
    </parse>
  </source>
  <match **>
    @id elasticsearch
    @type elasticsearch
    @log_level "debug"
    index_name "fluentd"
    host "elasticsearch.elk"
    port 9200
    include_tag_key true
    tag_key "@log_name"
    logstash_format true
    flush_interval 10s
    logstash_prefix "test"
    <buffer>
      flush_interval 10s
    </buffer>
  </match>

logback.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <springProperty scope="context" name="appName" source="spring.application.name" />
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
             <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} ${springAppName} [%thread] %-5level %logger{50} - %msg%n</pattern>
        </encoder>
    </appender>

    <root level="DEBUG">
        <appender-ref ref="STDOUT" />
        <appender-ref ref="FLUENT_TEXT" />
    </root>
</configuration>